3c24d530dbb3c13439dae0b8c6629cda88707ce95dddbdcd2d462f801418c2a2

Analysis

max time kernel
156s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 22:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fb754dc7f977d97582cb8dce1e49c016.exe
Size

1.0MB
MD5

fb754dc7f977d97582cb8dce1e49c016
SHA1

99bc85366b5a9415a8d9dee6c8560249dd34e1ea
SHA256

3c24d530dbb3c13439dae0b8c6629cda88707ce95dddbdcd2d462f801418c2a2
SHA512

1ad9d6e490a687282294b0d68c709759660a4ea704fb71b1f873450c06399578c1b2140ef2a453fecc2796351431cf677769240f4b02491f1d5a57403e154f0f
SSDEEP

24576:zPqxmfxN1ixtiZy6MntoNXfRya9YST1oUrp3v:zqxUH4iZN80PsbST1D

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4752	fb754dc7f977d97582cb8dce1e49c016.exe
4752	fb754dc7f977d97582cb8dce1e49c016.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 2108	4752	fb754dc7f977d97582cb8dce1e49c016.exe	96
PID 4752 wrote to memory of 2108	4752	fb754dc7f977d97582cb8dce1e49c016.exe	96
PID 4752 wrote to memory of 2108	4752	fb754dc7f977d97582cb8dce1e49c016.exe	96

C:\Users\Admin\AppData\Local\Temp\fb754dc7f977d97582cb8dce1e49c016.exe
"C:\Users\Admin\AppData\Local\Temp\fb754dc7f977d97582cb8dce1e49c016.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Users\Admin\AppData\Local\Temp\fb754dc7f977d97582cb8dce1e49c016.exe
  "C:\Users\Admin\AppData\Local\Temp\fb754dc7f977d97582cb8dce1e49c016.exe" /_ShowProgress
  2⤵
  PID:2108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240665625\bootstrap_29789.html

Filesize
156B

MD5
1ea9e5b417811379e874ad4870d5c51a

SHA1
a4bd01f828454f3619a815dbe5423b181ec4051c

SHA256
f076773a6e3ae0f1cee3c69232779a1aaaf05202db472040c0c8ea4a70af173a

SHA512
965c10d2aa5312602153338da873e8866d2782e0cf633befe5a552b770e08abf47a4d2e007cdef7010c212ebcb9fefea5610c41c7ed1553440eaeab7ddd72daa

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\css\main.css

Filesize
4KB

MD5
6bda31ce007240d08489a7013c64bd9d

SHA1
1370e6a695be372426b847c047648bff9087aa33

SHA256
f09793f8f0bfbcc5086c3d212c507e134072043833f1f20e8e8201d73bde4207

SHA512
12ce995945f3b51ad35e34b4a3d8d563c5bd295296ee021010f4428fb105a1eb36ae77e361da9cc0a850d8629a99c48a68672b0fb0d7bd6dea8f9c4b07ea1463

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\css\sdk-ui\progress-bar.css

Filesize
506B

MD5
5335f1c12201b5f7cf5f8b4f5692e3d1

SHA1
13807a10369f7ff9ab3f9aba18135bccb98bec2d

SHA256
974cd89e64bdaa85bf36ed2a50af266d245d781a8139f5b45d7c55a0b0841dda

SHA512
0d4e54d2ffe96ccf548097f7812e3608537b4dae9687816983fddfb73223c196159cc6a39fcdc000784c79b2ced878efbc7a5b5f6e057973bf25b128124510df

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\BG.png

Filesize
26KB

MD5
9ae4e8f4f88b32cc958c274a025e0b46

SHA1
c7b9e9cff3a7260405a87a4ca4f45a72d2776bd0

SHA256
75493ad0114d4c977b0b4fe82f48d696bb15734cf2433d2521f0f7f261bbbda0

SHA512
a111b167cb87365fc03b696552308fc2e5b94ca569c367c6eeb97b3e0a24514b1cb2b42f885aefaa52235a3efef4086adb88217757aa93772bf2c76449ddd53e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\Close.png

Filesize
1KB

MD5
968a7588017d6fe1f5b99ca84352d6b2

SHA1
afa05048f27ee178c5152f196206e08c9c64754c

SHA256
973fa912d38fd720fc0b1c240c96d3e8f5f99a211e2e936854206fe5427f6314

SHA512
b5ea00689d72a4593f92cd823a094d15471b716913cfaba87887e0c132c479ca0d597b96951fa4f811a43492aa4d72debe9b8fd2966dafad68847a556e3df6dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\Color_Button.png

Filesize
1KB

MD5
359e3ea385ced3ea2fb7ff53169314d2

SHA1
d2945f781b945f2e8af9e20f12478a9096e85fc3

SHA256
b4176432d62aae5c4d25bf896c147203910faf3d8a14b512ecf6936ed72c9f55

SHA512
4eed41d3bbd341994ad2c7b71f42005c50202c9aedb6227c2e5c2abda880b81061164d85d9caf1bceedf185a0e41e5e5b6daebc028e70720b852bdee168104de

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\Games_Pics.jpg

Filesize
12KB

MD5
3d508e41c8e160e70b4f2e1a9a66b1bc

SHA1
900e64092e3849cf54bf61957e78d4d78faf612f

SHA256
1ca7924ab528b00d5508b442f15288043448a63f2860307253019d901f4f9d82

SHA512
40b0a138df819c09d8fd2b551cd4e5ee02480a6630f77676e52e4b48587447fc323d4d95553e6309e43f4abac9fb0a7f9e91632be50cd878fc870e395f0c6547

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\Gray_Button.png

Filesize
1KB

MD5
272b96321df5708e3088691d0edfae63

SHA1
0a4b85c33482fcea8a6e7c018d6b4fe3a9c4475c

SHA256
282c5388007c77f2df1e0635fb3603710c7ac852166fbacec0e4b2b42d77f64b

SHA512
a108e9ff8eef0b4c4fb230d1fa2f0b19abd38cc36825659760b8d7b884c7015f3f5be9845eea3d76178eeed706d54051cec4c26bbdd7b24906078019c0a42767

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\Progress.png

Filesize
1KB

MD5
d5227623956455829b3eb50e1acd09fb

SHA1
855ea588cb98a5920907418813882b5f31dc619b

SHA256
fb4ff2bb2a96b5371245196038d05c1ac910d112692bd37a1c26ef53c8b240c8

SHA512
5e35a8d0af3cecfab554d754fe8a7f74fa55d767747428f1cd8a6203e4ef203c2af23861fc1f6a8a09208251ba89a4f74c85d561754c8aedafa8e5ffd53f05e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\ProgressBar.png

Filesize
477B

MD5
830234f26fce01833c8f74f1829d7717

SHA1
38207d8cbf96b4e1a7d6182b7da4b25c31e538dc

SHA256
fa8bfed0f1e98d212938e307160d1c5b68f134f67ea0826b9f75f2284be9e2f2

SHA512
f4ab75c710c1eb287002a6640e0ec4c5061d2e921a49d1b5b37be5e83c217d77536a5754cca3b57d446c663b402377280c283d99d6b6667eaa7ff38b8a2e49e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ish240665625\images\loader.gif

Filesize
21KB

MD5
360281e85620142c3329848262da263d

SHA1
032ae1e422af859d78d172e918573fb0f55318de

SHA256
6c7d0d5402ebcf34cb6280473b4dac5966aae2a4bdadf80c796245663e2d9b55

SHA512
48ea37754839abce73898d29c6cb1ede20ac980dcd0b8c0f1274a690ea0bb44659129aba7581bd473ab7a735b7b9d08d6d041973bced4fe3fc0b70b3a73ec2a6

Download Submit
memory/2108-92-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2108-93-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2108-100-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/2108-104-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-2-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4752-119-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-130-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-0-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-1-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-91-0x0000000002400000-0x0000000002401000-memory.dmp

Filesize
4KB

Download
memory/4752-87-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-88-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download
memory/4752-97-0x0000000000400000-0x000000000050E000-memory.dmp

Filesize
1.1MB

Download