76ed3c2d6269a882b2046bdde810a8abbbc7b938fdd72e2c431c198dfb4b40ff

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 10:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68506472291b09e61f02fb3713bc0bd0.exe
Size

1014KB
MD5

68506472291b09e61f02fb3713bc0bd0
SHA1

f939581a6dd8d9104f3bde7503500b9d252d3c46
SHA256

76ed3c2d6269a882b2046bdde810a8abbbc7b938fdd72e2c431c198dfb4b40ff
SHA512

0601f20bd9b3586bb66852ddea8aebce526f7f263694b05a2b92a2f1e1956c34583c8d4bb87bfda8e9de492b6bacb4ecdea1fda8fe1d2762f667bc54e61939fa
SSDEEP

24576:gRmJkcoQricOIQxiZY1WNt+xcgCVoUJOZFiWXkgWa:VJZoQrbTFZY1WNt++gCVoUJQAWX1

Score

5^/10

Malware Config

Signatures

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/2024-0-0x0000000000400000-0x00000000004AF000-memory.dmp	autoit_exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2024	68506472291b09e61f02fb3713bc0bd0.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe
2024	68506472291b09e61f02fb3713bc0bd0.exe

C:\Users\Admin\AppData\Local\Temp\68506472291b09e61f02fb3713bc0bd0.exe
"C:\Users\Admin\AppData\Local\Temp\68506472291b09e61f02fb3713bc0bd0.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\superautoscript\scriptperso\zoometendu.scr

Filesize
8B

MD5
37cc0387b1bfaf141132bbfdee303267

SHA1
a39e40a97137e81ed0e7c1ca474ee3ba709dcf7b

SHA256
3706c6c14460ab1db5c73acbcd6dec3f63210df0cc6a382bbe7155c4cced8091

SHA512
e3c4064432379e65114082cdedd60796d21994a0da4d5fb91cdda19d2a05ff86eb1e380649c6b9bc670a45c53162b6c485d965caa3da6252c3ccf05d0f5b5ae0

Download Submit
memory/2024-0-0x0000000000400000-0x00000000004AF000-memory.dmp

Filesize
700KB

Download