abf9d15bdb0be1ca757991160286bfa302a55c964930878d7cdeba77d15d2918

Analysis

max time kernel
3s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 20:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f601666ae809e043bdb7da8768dc73ca.exe
Size

240KB
MD5

f601666ae809e043bdb7da8768dc73ca
SHA1

4727f659fdafd7edbe2b5ae3426e7274d0d71f9c
SHA256

abf9d15bdb0be1ca757991160286bfa302a55c964930878d7cdeba77d15d2918
SHA512

c9bbd142123ff7d3b82ffe29c3400abad41b3bab01a1333197f2a404ed635bf33a9a5842fcf1034888dcd3189907e90fccef2ed4a1d493fe5739ba0be6e49cd3
SSDEEP

3072:akNFT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5cz+G1:ay0UGKGkFRKfeoztOH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4956	f601666ae809e043bdb7da8768dc73ca.exe

C:\Users\Admin\AppData\Local\Temp\f601666ae809e043bdb7da8768dc73ca.exe
"C:\Users\Admin\AppData\Local\Temp\f601666ae809e043bdb7da8768dc73ca.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4956
- C:\Users\Admin\voiox.exe
  "C:\Users\Admin\voiox.exe"
  2⤵
  PID:1884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\voiox.exe

Filesize
32KB

MD5
cf6103f57cd5e02d8d7dceef08e7cd04

SHA1
2de51b37cd4728dfba91db8263e299e7fed2d323

SHA256
1440956e72718cce2f850392990d4796f12dbb3fb5e944fefccc020477ba77f8

SHA512
a1ec6e7432617c5754c80da70590c571cfeb343deb9155a3c5d24fe836b04642b46524df1cb6988e5ffb1329d2b33cd4810afa3ca4c38f756911b5211bce6763

Download Submit