cb608a35905c10c74c1b6f5d51dffd030f05282d2ac0eaa4bf2c9f38b8b97996

Analysis

max time kernel
1s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

376d63099fa6cf382e4fb73fb887a814.exe
Size

904KB
MD5

376d63099fa6cf382e4fb73fb887a814
SHA1

9d96f3f01fca309ddccf70075f64a58e828b30f0
SHA256

cb608a35905c10c74c1b6f5d51dffd030f05282d2ac0eaa4bf2c9f38b8b97996
SHA512

819788afa3ad1da730483de9bcc938c5048ac5dbd115333a446ddd2f68f188e82af5e2f14076a676e34e7264f5af0a4af73874c635335086f261412d881be4ea
SSDEEP

24576:IzoBkA1xdCtvUFVdy+7fSQG9fe8rN2mpsWa:sYDdmsFPySDG9rQOsWa

Score

5^/10

Malware Config

Signatures

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3220 set thread context of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3220	376d63099fa6cf382e4fb73fb887a814.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25
PID 3220 wrote to memory of 4216	3220	376d63099fa6cf382e4fb73fb887a814.exe	25

C:\Users\Admin\AppData\Local\Temp\376d63099fa6cf382e4fb73fb887a814.exe
"C:\Users\Admin\AppData\Local\Temp\376d63099fa6cf382e4fb73fb887a814.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3220
- C:\Users\Admin\AppData\Local\Temp\376d63099fa6cf382e4fb73fb887a814.exe
  C:\Users\Admin\AppData\Local\Temp\376d63099fa6cf382e4fb73fb887a814.exe
  2⤵
  PID:4216
- - C:\Users\Admin\AppData\Local\Temp\KH3_9.exe
    "C:\Users\Admin\AppData\Local\Temp\KH3_9.exe"
    3⤵
    PID:2788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\KH3_9.exe

Filesize
20KB

MD5
5afa5f47ac5dd6b5e9499c9e6e5d49e0

SHA1
6c31d85aba6e6cdd77fb7194866d54949661f9d1

SHA256
11ba4182f80355ca2399285ce535da72afc33aeb185f195e74f392cf6ab0b581

SHA512
632a93777dc38628f1bee2a73be37cca32e79c9ad3390436fb7937f7eadace0dddabccd91ee3d840f1443d178bf73d6fdeac9906b8776e9f8ff0f001c185cf67

Download Submit
C:\Users\Admin\AppData\Local\Temp\KH3_9.exe

Filesize
35KB

MD5
c3c53b838fa904a29ed5aa556f2775ba

SHA1
da6e56ada1f2c68fa43ee259d371bc953d030981

SHA256
516953687634088fe20de33a21eaaf1a72ef0500ab313b06adceaf3ef7f47c3d

SHA512
be3f3bce63906788f38c3f79225d46f47e5497ff7cd77a5cf66304b9b8123806a287ecb4b345ac6a3a4414d61e1656d4e4e35936aea952febd3f35e74d30336a

Download Submit
C:\Users\Admin\AppData\Local\Temp\KH3_9.exe

Filesize
29KB

MD5
dee8dc4ca50cc41b825826b197a592f7

SHA1
7b11b0e1276f1e95ba9a3d92fb32bbaa7afd3050

SHA256
137891fff7d815aba78fcb76dbd75b2ffda3a5482e52db1960942c841b88923b

SHA512
cf6ea86828d883d31abe96f76091274d61915673e3233a3884ded198d15ecb97e45f70c9dc0dffd26d5367fce0cb62a17c6f960731950c114cd0435a62736da1

Download Submit
memory/2788-19-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2788-31-0x0000000000400000-0x00000000004E1000-memory.dmp

Filesize
900KB

Download
memory/2788-33-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/4216-4-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/4216-6-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/4216-2-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download
memory/4216-17-0x0000000000400000-0x00000000004E7000-memory.dmp

Filesize
924KB

Download