23133cd2350b731d420872e5b4639fa97b81e3474213f6beb3a740daba170f56

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 14:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

74ab39c16e1900bea027b2801e123f52.exe
Size

323KB
MD5

74ab39c16e1900bea027b2801e123f52
SHA1

5a99b0313c6481c7867695ace6c534cc8fd0caf7
SHA256

23133cd2350b731d420872e5b4639fa97b81e3474213f6beb3a740daba170f56
SHA512

35e2e693d6d4047c43d238a239372fee91a587bfee80b00e2157418b6457b43206ca316d169e5a06ef9ddbc34d3d2d80b0fccdde1baf85b3fd1b3325f3445426
SSDEEP

6144:IrV99uEo2S1YnQmCX492DkwNP3qpYFXTqttBv2tHlzLkFyhFOY4vHSMrQ:IrVDu6/eIo4YOtEyc55Mk

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1864	74ab39c16e1900bea027b2801e123f52.exe
1864	74ab39c16e1900bea027b2801e123f52.exe
1864	74ab39c16e1900bea027b2801e123f52.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	74ab39c16e1900bea027b2801e123f52.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	74ab39c16e1900bea027b2801e123f52.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1864	74ab39c16e1900bea027b2801e123f52.exe
1864	74ab39c16e1900bea027b2801e123f52.exe

C:\Users\Admin\AppData\Local\Temp\74ab39c16e1900bea027b2801e123f52.exe
"C:\Users\Admin\AppData\Local\Temp\74ab39c16e1900bea027b2801e123f52.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:1864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu30A35B09.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DFAD64AF-9DB1-4520-A7CB-D593044E4659}\Custom.dll

Filesize
91KB

MD5
c9d3d86ee95ae4d20c80de9ddaa8fa40

SHA1
5f0546ec86f3e27f0eec4d5d5451edc630907654

SHA256
b34ca5ec63459956e72289b6b1d85891377c4ef451b48f42d92ab7d1aad117a9

SHA512
ea895f339e31432497401782a17275cecda18286a158ad191dc1a5c2c3c541205c679689a74ff46c4e4861c7e6d87bf862e54049b419675cadaeea76c400b186

Download Submit
C:\Users\Admin\AppData\Local\Temp\{DFAD64AF-9DB1-4520-A7CB-D593044E4659}\_Setup.dll

Filesize
175KB

MD5
b50ef7592becdbd232a98bc443c7594c

SHA1
dd54aac32e72acd02d3745336906ce17c37bf04e

SHA256
c7a3f4d7920add808451d9d043a168ffe86f2e6f829ef9fba26a22ec85b53da2

SHA512
6311d6c26e15d03e0f9f2fbdf009fda326855a8330a8758bb693f525391ea794fc13b923b77cbb42ecf9accd5532db399752f1c81b3193819586f67588930a0b

Download Submit