e9eb7cb88aca7efbd28639bb2913f7530a3e3ce16e388af423b5c76faa7aff9a

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 20:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a8abf9d63a69e2bc522eb3eab8fc942.exe
Size

359KB
MD5

3a8abf9d63a69e2bc522eb3eab8fc942
SHA1

5485bafc5bfffa546fc86be1868a5e7a621e5c86
SHA256

e9eb7cb88aca7efbd28639bb2913f7530a3e3ce16e388af423b5c76faa7aff9a
SHA512

ce47b85045e099cbe9bd7abed97132fc3ee9cc16c7228adb2094e5eeaa80d446902e52cc696f8b8f6b647231f0a3d651f1d0fed76b6af5b5461c00e6be0cfe7a
SSDEEP

6144:ZgRyiIWQFpUv4/B+FrM144XlzKlUAzYYbuewX79GtPuB8PxwPh79i5s/CoS9iP6g:3iMCv45+uK4VKXknewr9GBY85wPTi5sv

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/816-0-0x0000000000400000-0x000000000050D000-memory.dmp	upx
behavioral2/memory/816-16-0x0000000000400000-0x000000000050D000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
816	3a8abf9d63a69e2bc522eb3eab8fc942.exe
816	3a8abf9d63a69e2bc522eb3eab8fc942.exe
816	3a8abf9d63a69e2bc522eb3eab8fc942.exe
816	3a8abf9d63a69e2bc522eb3eab8fc942.exe
816	3a8abf9d63a69e2bc522eb3eab8fc942.exe

C:\Users\Admin\AppData\Local\Temp\3a8abf9d63a69e2bc522eb3eab8fc942.exe
"C:\Users\Admin\AppData\Local\Temp\3a8abf9d63a69e2bc522eb3eab8fc942.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\3a8abf9d63a69e2bc522eb3eab8fc942.data0

Filesize
799B

MD5
0a3e26f192f27a66b704f09e4590a4c9

SHA1
6adec0de233d645907c8d14f481aa005ce8bee3a

SHA256
3a8c54a784836a10ba38b1aeac420f43cadc9120d0b7fe621e69e8465575199b

SHA512
e858e2481280ed4c880a0077de0b9ba7cd9de4421fb4a9d3b954030efa267a4fc6b8a69c34ff82bdeb327690029aca274bd87681f16e83af96b8a225886a3dca

Download Submit
C:\Users\Admin\AppData\Roaming\GetRightToGo\3a8abf9d63a69e2bc522eb3eab8fc942.htm

Filesize
635B

MD5
33f09577707d079a40f706a18e126d92

SHA1
0cef1f55b72a84e584a51e79a6787ea78d74a603

SHA256
e7f6bd122fcb829793f4047a5b929668b0a91ebfe31247b479586ec6d8f2b378

SHA512
5538c5b4e538a97796bfc412b3a81449931a9bbc1fa4e69500a0b30b35c1259bda857f392d85d87893999098bc88a432f28d2f699fadc295709a75b8113933cb

Download Submit
memory/816-0-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download
memory/816-16-0x0000000000400000-0x000000000050D000-memory.dmp

Filesize
1.1MB

Download