Analysis

max time kernel: 147s
max time network: 121s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64 arch:x86 image:win7-20231129-en locale:en-us os:windows7-x64 system
submitted: 29/12/2023, 23:27

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 06e844803c6967e7a6d2c6e06b7cd2d0.exe
Resource: win7-20231129-en
3 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 06e844803c6967e7a6d2c6e06b7cd2d0.exe
Resource: win10v2004-20231215-en
3 signatures, 150 seconds
General

Target: 06e844803c6967e7a6d2c6e06b7cd2d0.exe
Size: 984KB
MD5: 06e844803c6967e7a6d2c6e06b7cd2d0
SHA1: a8196ba24720f65d0a4dc37c2762d30fede47cbd
SHA256: d12538eb8e2954bfc67cf14114982cdbb400ba5c25c82332d75bf423294e3e67
SHA512: 6c229be0b1eb1597c637c76d6302064442f5de8e0079470668d72627cc56cd55c0feeebb222f6e3e16fb38a8be41dadbc200fbe3d75c6cab6edc43827fdcce72
SSDEEP: 24576:DKpHUmzE0Wzo9AlXvtGXzIrvdTka9PG5Lo6qX8Jp8Zixl4M:mamGoylXvtG2iU
Score: 6/10
Malware Config
Signatures
Adds Run key to start application (2 TTPs, 1 IoC)

description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-3627615824-4061627003-3019543961-1000\Software\Microsoft\Windows\CurrentVersion\Run\ctfmon.exe = "C:\\WINDOWS\\system32\\ctfmon.exe" | 06e844803c6967e7a6d2c6e06b7cd2d0.exe

The value is written under the user's own hive (HKU\<SID>\...\Run), so it is per-user persistence that needs no elevation. The data is the standard system32 path of the Windows text-input host (ctfmon.exe); this entry alone does not tell you whether the binary at that path is still the original, so check its hash against a known-good copy before treating the autostart as benign.
Enumerates connected drives (3 TTPs, 2 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.

description | ioc | Process
File opened (read-only) | \??\D: | 06e844803c6967e7a6d2c6e06b7cd2d0.exe
File opened (read-only) | \??\F: | 06e844803c6967e7a6d2c6e06b7cd2d0.exe
Suspicious behavior: EnumeratesProcesses (51 IoCs)

pid | Process
2824 | 06e844803c6967e7a6d2c6e06b7cd2d0.exe (all 51 IoCs come from this single process)
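The two behavioural signatures above (a Run-key autostart write and read-only opens of non-default drive roots) can be reproduced from raw registry and file events. The following is an added example written for this page, not the sandbox's own signature code: it takes constructed event records shaped like the IoC rows in this report, matches them against the two signatures, and classifies where the autostart target lives so the analyst knows which follow-up check applies. The event field names (`op`, `pid`, `process`, `key`, `data`, `path`), the noise records and the `installer.exe` process are assumptions made for the example.

```python
import re

# Constructed events mirroring this report's IoC rows (not real sandbox output).
SAMPLE_EVENTS = [
    {"op": "reg_set", "pid": 2824, "process": "06e844803c6967e7a6d2c6e06b7cd2d0.exe",
     "key": "\\REGISTRY\\USER\\S-1-5-21-3627615824-4061627003-3019543961-1000"
            "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\ctfmon.exe",
     "data": "C:\\WINDOWS\\system32\\ctfmon.exe"},
    {"op": "file_open", "pid": 2824, "process": "06e844803c6967e7a6d2c6e06b7cd2d0.exe", "path": "\\??\\D:"},
    {"op": "file_open", "pid": 2824, "process": "06e844803c6967e7a6d2c6e06b7cd2d0.exe", "path": "\\??\\F:"},
    # Noise (constructed): the default drive root and a non-root path are not drive enumeration.
    {"op": "file_open", "pid": 2824, "process": "06e844803c6967e7a6d2c6e06b7cd2d0.exe", "path": "\\??\\C:"},
    {"op": "file_open", "pid": 2824, "process": "06e844803c6967e7a6d2c6e06b7cd2d0.exe", "path": "\\??\\D:\\setup.ini"},
    # Noise (constructed): an unrelated registry write by a hypothetical other process.
    {"op": "reg_set", "pid": 4100, "process": "installer.exe",
     "key": "\\REGISTRY\\MACHINE\\SOFTWARE\\Vendor\\App\\Version", "data": "1.0"},
]

# Autostart keys watched here: Run and RunOnce under a user SID (HKU) or HKLM.
RUN_KEY_RE = re.compile(
    r"^\\REGISTRY\\(USER\\(?P<sid>S-1-5-21-[\d-]+)|MACHINE)"
    r"\\Software\\Microsoft\\Windows\\CurrentVersion\\(?P<key>Run|RunOnce)\\(?P<value>[^\\]+)$",
    re.IGNORECASE)
# A bare NT volume root such as \??\D: (the sandbox's default drive is C:).
DRIVE_ROOT_RE = re.compile(r"^\\\?\?\\(?P<drive>[A-Z]):$", re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def classify_run_target(data):
    """Where the autostart target lives decides the follow-up check:
    a system directory means 'verify the binary there is still the signed original',
    anything else is the more common drop-and-persist pattern."""
    target = data.strip('"').lower()
    return "system-dir" if target.startswith(SYSTEM_DIRS) else "user-writable"


def match_run_key(event):
    """Signature 'Adds Run key to start application': one IoC per matching write."""
    if event["op"] != "reg_set":
        return None
    m = RUN_KEY_RE.match(event["key"])
    if not m:
        return None
    return {"pid": event["pid"], "process": event["process"],
            "scope": "HKU" if m.group("sid") else "HKLM",
            "key": m.group("key"), "value": m.group("value"),
            "target": event["data"], "target_class": classify_run_target(event["data"])}


def match_drive_enum(event):
    """Signature 'Enumerates connected drives': root opens of drives other than C:."""
    if event["op"] != "file_open":
        return None
    m = DRIVE_ROOT_RE.match(event["path"])
    if not m or m.group("drive").upper() == "C":
        return None
    return {"pid": event["pid"], "process": event["process"], "drive": m.group("drive").upper()}


SIGNATURES = {
    "Adds Run key to start application": match_run_key,
    "Enumerates connected drives": match_drive_enum,
}


def run_signatures(events):
    """Return {signature name: [IoC dicts]} in the same grouping the report uses."""
    hits = {name: [] for name in SIGNATURES}
    for ev in events:
        for name, fn in SIGNATURES.items():
            ioc = fn(ev)
            if ioc:
                hits[name].append(ioc)
    return hits


if __name__ == "__main__":
    for name, iocs in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {len(iocs)} IoCs")
        for ioc in iocs:
            print("   ", ioc)
```

Run against the constructed events this yields exactly the report's counts (1 Run-key IoC, 2 drive IoCs) and tags the Run-key target as `system-dir`, which is the case where the entry is not self-evidently malicious and the binary at that path should be hash-checked rather than assumed clean.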