153c4ebfcd9ec2425ec4faa17e97c53fc33d7b35269911f5c4e8b731128f3a24

Analysis

max time kernel
126s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6fba7888b5fe2adca580c376056bb8bf.exe
Size

313KB
MD5

6fba7888b5fe2adca580c376056bb8bf
SHA1

ee26cb74f31aba1fef682a524de52230aa3a5b40
SHA256

153c4ebfcd9ec2425ec4faa17e97c53fc33d7b35269911f5c4e8b731128f3a24
SHA512

b0f1a693c5fcc5bc293648666a8a7f2f28fc6d6434c68cc159fe962c8af4c0dde4340aba2811d494a3f6cca10d645f3b9d923eda02b5aa38612012249a8629e1
SSDEEP

6144:nrK9uEo2S1YnQmCX492DkwNP3qpYFtcM7dZssr+Ixf6LuDTKD2ay9KGYG0LG:nryu6/eIo4vMResyEf0uP9d9UG0G

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1048	6fba7888b5fe2adca580c376056bb8bf.exe
1048	6fba7888b5fe2adca580c376056bb8bf.exe
1048	6fba7888b5fe2adca580c376056bb8bf.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	6fba7888b5fe2adca580c376056bb8bf.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	6fba7888b5fe2adca580c376056bb8bf.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1048	6fba7888b5fe2adca580c376056bb8bf.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1048	6fba7888b5fe2adca580c376056bb8bf.exe

C:\Users\Admin\AppData\Local\Temp\6fba7888b5fe2adca580c376056bb8bf.exe
"C:\Users\Admin\AppData\Local\Temp\6fba7888b5fe2adca580c376056bb8bf.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:1048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads