c607874b368fff6c26292126aeac27da8fcaecee807a8da0550f3d8bc7580a80

Resubmissions

29/11/2024, 09:17

241129-k87csaxmcx 10

28/12/2023, 10:04

231228-l37xsschf2 3

Analysis

max time kernel
0s
max time network
135s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
28/12/2023, 10:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

em.exe
Size

2.5MB
MD5

ef18fa16022ae67b86b21bb1aa145fc0
SHA1

90aa33fcd1407fc9c672a0b00a3c9c3c2735984f
SHA256

a8eea05d025c95fa51597a49564806ddfbadc635bc407c25b04059a1cdc5555a
SHA512

088d7924ffb0f160cccd898f9cca91c410d8b82705f1488fdc3e392437b364a5bf6b11f7c52235e40726eeaec9974eea2f5f75dd5eb17c15a17f3a0ee20fd32b
SSDEEP

24576:JnsJ39LyjbJkQFMhmC+6GD9jk7UHhd1IvGGC0qsu/:JnsHyjtk2MYC5GD7BkGGC0M/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\em.exe
"C:\Users\Admin\AppData\Local\Temp\em.exe"
1⤵
PID:2536
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  PID:2164
- C:\Users\Admin\AppData\Local\Temp\._cache_em.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_em.exe"
  2⤵
  PID:2052

C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
"C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
1⤵
PID:2580

C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
"C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" /automation -Embedding
1⤵
PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\._cache_em.exe

Filesize
36KB

MD5
4db06b884f1c3d06ce6bbdd53bc19936

SHA1
3c4595e0467239025ed05d51f7ca4a1e92e1f08e

SHA256
989a0e02c2ac5df0fdb1a93cf46efc465c22b247606f8ca1c0f06834440819de

SHA512
8e40f7855d95deb664009aef850661a46377af8aa1a41efacf2dba75331bc0193a98ca6f7a7437cd632ca2e31a5ae77a3e1fbf5f1049b2e78d7b97326d28c60a

Download Submit
\Users\Admin\AppData\Local\Temp\._cache_em.exe

Filesize
92KB

MD5
a12567be5a0b9456b61d81bd699855e2

SHA1
39b2978bb1e2d81c21398848c999629b506f5587

SHA256
833ccfa5d2f604ca659ae405b5996943f8ecaf577019beda88553b7de1e27052

SHA512
ff790b421f709aede2c00e43f5704d8b917484515bfcdffaf5d4120d4f3ff0335e4479dbdbac586f76d22c089fbc4d250df75f89501728b7dd2d4df34f399d60

Download Submit
memory/2164-60-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2164-26-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2164-58-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2164-66-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2164-108-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2164-111-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2536-25-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2536-0-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2716-37-0x000000005FFF0000-0x0000000060000000-memory.dmp

Filesize
64KB

Download
memory/2716-38-0x000000007220D000-0x0000000072218000-memory.dmp

Filesize
44KB

Download
memory/2716-61-0x000000007220D000-0x0000000072218000-memory.dmp

Filesize
44KB

Download