c607874b368fff6c26292126aeac27da8fcaecee807a8da0550f3d8bc7580a80

Resubmissions

29/11/2024, 09:17

241129-k87csaxmcx 10

28/12/2023, 10:04

231228-l37xsschf2 3

Analysis

max time kernel
0s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 10:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

em.exe
Size

2.5MB
MD5

ef18fa16022ae67b86b21bb1aa145fc0
SHA1

90aa33fcd1407fc9c672a0b00a3c9c3c2735984f
SHA256

a8eea05d025c95fa51597a49564806ddfbadc635bc407c25b04059a1cdc5555a
SHA512

088d7924ffb0f160cccd898f9cca91c410d8b82705f1488fdc3e392437b364a5bf6b11f7c52235e40726eeaec9974eea2f5f75dd5eb17c15a17f3a0ee20fd32b
SSDEEP

24576:JnsJ39LyjbJkQFMhmC+6GD9jk7UHhd1IvGGC0qsu/:JnsHyjtk2MYC5GD7BkGGC0M/

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\em.exe
"C:\Users\Admin\AppData\Local\Temp\em.exe"
1⤵
PID:2640
- C:\ProgramData\Synaptics\Synaptics.exe
  "C:\ProgramData\Synaptics\Synaptics.exe" InjUpdate
  2⤵
  PID:3700
- - C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe
    "C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe" InjUpdate
    3⤵
    PID:2072
- C:\Users\Admin\AppData\Local\Temp\._cache_em.exe
  "C:\Users\Admin\AppData\Local\Temp\._cache_em.exe"
  2⤵
  PID:4248

C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE
"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" /automation -Embedding
1⤵
PID:440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Synaptics\Synaptics.exe

Filesize
63KB

MD5
8da4b40e3ed078bbe8cc840ccf1b8b4f

SHA1
5bdfc09498b3c6352cdbad4087ed047cfeffbe22

SHA256
6f67194efc06340ed1f2f95ea0693e698da7beac9c039f907ac0817788760acc

SHA512
dd5f52e2658ece2c0dcdf885d0699de598caa06f9681127526a46de28081e02a20fca0d62e1643613749d0aedb56459b609a2e0f592d4de35472e9ba313afdac

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
65KB

MD5
bd05f29837365922433c7f9bad929270

SHA1
d2e4da864aef2150c74ad451a9a51583a2da6023

SHA256
3dbdd63f2068324e8a13ea5a77536e299fed668b845a50ec30e03c6d4bc387e6

SHA512
eb471caa99e5fe161d9095895ba17cc84a7bd919f4aed35d41f6afd9032ffb36ca135b805bc90b466d9bd1e9537ec3777d4dcf8a0cbf8b66cd1dc2b916cf0463

Download Submit
C:\ProgramData\Synaptics\Synaptics.exe

Filesize
29KB

MD5
509811e723ee6a76aa3207901b75c9a6

SHA1
7792dc599b610d3cfc2f683db84bee01f114fc8b

SHA256
2472bf0e11d7f03942394a10362da53cd25de5ef54b93564cbb0467bf7b00845

SHA512
9b6d06059345646668931fc0eb50c405e2de2508626b412aee2ac44e3bc31f060b88ac2aef5e83cba396647c908c574391f6b534195fed487a47d80695be0c62

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
228KB

MD5
0a6dd8aa5dd21f0cba4174b51ceff65f

SHA1
69763f6f84b11873048b59f305fa37d81e9870b8

SHA256
01f58e0025dcaf4dae85abebcf2c4b423717ebcd4021c54683c171445a01a8be

SHA512
a4ba28ca22e8347dac357af6301e8d3e01cbd9c4816790c33b7882f8dcdebe952b004af18f84cc53f044296dc532db988a6767f5d49e5e9638a6909af0e52816

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_Synaptics.exe

Filesize
14KB

MD5
00de77a5c428f9bcb5b0091eb6c7de97

SHA1
4ed4b40597752bb6bc3df095df3cd825bd6ae43f

SHA256
0f7407adeeffb9495680d64a2efc4789a099a5d46f75b1b231ad5584d0cba935

SHA512
aef4544ef09ffe8412e836a16b6fcdbb023756c43ad15515eb49c808bd602da04e5a6b75b67ece66ad7952e644043da0eff9879864da0afe1fbf167c41992698

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_em.exe

Filesize
62KB

MD5
7a1b6d35c81cb9e08a95e883388df7c4

SHA1
41c3077c605fb49ae282ef3ee3ff3f47e5920338

SHA256
493408f619988d16b255050e168e46b3c4a95174cffe37bf0fcc7ecaf0571c30

SHA512
8b73da05cec2b1936104ac98b553f9407a76284577da0277f9fb835a664eeda09017bebf37d6afdfab7aa4df907b014edf4c1a561642aaf5f01442ce92cd59d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_em.exe

Filesize
12KB

MD5
56e7a8b337c486ec2de1119c89b72c96

SHA1
38a6c04d984eca195b31fc2a2d813c133baecc90

SHA256
a41e14138be3c4dd962c40e52c1def41a0b1883838b99407d4c4c8e754f74823

SHA512
b891e8b3ccd161a37ea3528b7a5a72cec79cdfccb56133fdbe50d37ed38b0f2180d78228cb4709e2a5aee92aecfa7b3b6af8443ad67cc81215246f704d794f90

Download Submit
C:\Users\Admin\AppData\Local\Temp\._cache_em.exe

Filesize
147KB

MD5
fde5ccd2975b4a4d689494f3849cf5f6

SHA1
1eabbe15e7283ce8d2a00aaba8023af049323782

SHA256
9e8dffadf959bffc76d655b4ac83d9a600d62f9ad6159ee382aa1d7b6516b4d5

SHA512
5d4ea9aafc9145266bc0bb1bc5f54b09a74b4549aa37b534218cc528904682be8334f97135556ed3b52ddb9c7d78310c2078beb5fc37f41c054e0bc3dbc5507b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kq1p1GFR.xlsm

Filesize
17KB

MD5
e566fc53051035e1e6fd0ed1823de0f9

SHA1
00bc96c48b98676ecd67e81a6f1d7754e4156044

SHA256
8e574b4ae6502230c0829e2319a6c146aebd51b7008bf5bbfb731424d7952c15

SHA512
a12f56ff30ea35381c2b8f8af2446cf1daa21ee872e98cad4b863db060acd4c33c5760918c277dadb7a490cb4ca2f925d59c70dc5171e16601a11bc4a6542b04

Download Submit
C:\Users\Admin\AppData\Local\Temp\em.rtf

Filesize
1KB

MD5
c603bd2e8a6141c382436803428b2619

SHA1
3755a2e6f6ceea65f73517895b51ef56e8365f21

SHA256
d02a062a02a16ca83b609454eccb3fdf39a009789a7843a4ef61bb31f73351fe

SHA512
85fd90b7db4894f8066e9c5c0185b6bbe3d4edcee1bb35203894ed6aaaa3fbad789bb0889cb04573ee05799142f341556e5f178a0280c42bd2b50381c189e35b

Download Submit
memory/440-144-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-148-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-149-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-152-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-156-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-158-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-160-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-159-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-157-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-155-0x00007FFCCC840000-0x00007FFCCC850000-memory.dmp

Filesize
64KB

Download
memory/440-178-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-154-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-153-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-151-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-150-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-145-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-147-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-146-0x00007FFCCC840000-0x00007FFCCC850000-memory.dmp

Filesize
64KB

Download
memory/440-143-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-142-0x00007FFD0EB30000-0x00007FFD0ED25000-memory.dmp

Filesize
2.0MB

Download
memory/440-141-0x00007FFCCEBB0000-0x00007FFCCEBC0000-memory.dmp

Filesize
64KB

Download
memory/440-140-0x00007FFCCEBB0000-0x00007FFCCEBC0000-memory.dmp

Filesize
64KB

Download
memory/440-139-0x00007FFCCEBB0000-0x00007FFCCEBC0000-memory.dmp

Filesize
64KB

Download
memory/440-138-0x00007FFCCEBB0000-0x00007FFCCEBC0000-memory.dmp

Filesize
64KB

Download
memory/440-137-0x00007FFCCEBB0000-0x00007FFCCEBC0000-memory.dmp

Filesize
64KB

Download
memory/2640-101-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/2640-0-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3700-102-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/3700-175-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/3700-177-0x00000000021F0000-0x00000000021F1000-memory.dmp

Filesize
4KB

Download
memory/3700-184-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download
memory/3700-200-0x0000000000400000-0x0000000000693000-memory.dmp

Filesize
2.6MB

Download