Overview

overview

3

Static

static

1

08e57a269a...65.exe

windows7-x64

3

08e57a269a...65.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    4s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 00:43

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    08e57a269a3479a7417ace82e0560d65.exe

  • Size

    1.6MB

  • MD5

    08e57a269a3479a7417ace82e0560d65

  • SHA1

    5635aed8464092c34c5591a78e206d5840417395

  • SHA256

    132bddbcd40f6c3164cf7aef6ac3c0869286dccb70ecb061d796721047a5cca7

  • SHA512

    66b3555a6655ba26c933ad40500b4b77dc88d16f4731e8c9716761724f3710a36fb4666f452418ad90429716e3edcfa144a5d50f6d5309a5fac80acd01d04ec6

  • SSDEEP

    49152:XZgu8rAi+3USz3h1/XBkThdTlpSuxQxN9dT4S91:XGIjR1Oh0TB

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\08e57a269a3479a7417ace82e0560d65.exe
    "C:\Users\Admin\AppData\Local\Temp\08e57a269a3479a7417ace82e0560d65.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    PID:2176
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\21483.bat" "C:\Users\Admin\AppData\Local\Temp\687283ED8C9B46B5BB25BEE3B2C816E2\""
      2⤵
        PID:2936
        • C:\Windows\SysWOW64\PING.EXE
          ping 1.1.1.1 -n 1 -w 1000
          3⤵
          • Runs ping.exe
          PID:2648

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\21483.bat
            Filesize

            212B

            MD5

            668767f1e0c7ff2b3960447e259e9f00

            SHA1

            32d8abf834cce72f5e845175a0af2513b00504d8

            SHA256

            cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

            SHA512

            c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\687283ED8C9B46B5BB25BEE3B2C816E2\687283ED8C9B46B5BB25BEE3B2C816E2_LogFile.txt
            Filesize

            1KB

            MD5

            e0fadd50da2d6fa2a17efd53a90f4b7f

            SHA1

            defa4dde538c7b6d444a6c1e55ae9b674ef13234

            SHA256

            680885a31b733938fb4b245e432f230ffa1d2e59aca36d3de6b2442b6df14a9c

            SHA512

            c162940df28c14f599a4c1d746abd72384fbd523b117349387ab7a8180b87872f648a8fddbae07b46805da00922444cb4bf7c2763c58bfb4ebc55d9837722e29

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\687283ED8C9B46B5BB25BEE3B2C816E2\687283ED8C9B46B5BB25BEE3B2C816E2_LogFile.txt
            Filesize

            5KB

            MD5

            91c2b243eb0a5857e366247ad0144f0c

            SHA1

            b320ace30c50167b3040dd7a8819fba674915914

            SHA256

            a5923b4b7d99f101972623e1a8a4117131856bb1f7a960fa875bc8779b60459f

            SHA512

            9726405336d302579a42281bb78e883dc56e6d4806911eadc0415275a2fd7a9695149cace29716bad3fc7153b04cd5252eb8321bae2f19100e110c9caf65f01d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\687283ED8C9B46B5BB25BEE3B2C816E2\687283~1.TXT
            Filesize

            42KB

            MD5

            b9faca06bbe12c05ae4b23d034476496

            SHA1

            c50c9552ce1b5d0e119dc8c466a832b238239bb3

            SHA256

            e08712a7a23be06aa5ba839a8ade6caff081f28f8453628bada47562d75eecae

            SHA512

            c85f60f3fab67edb6f54902fccea17946590bb8d4e7745197663471121be238efb5c9cf099a3f8a106e3db9dae28d8af9133a50104cab76ccc7d9176dbe00f6f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\CabD2EB.tmp
            Filesize

            4KB

            MD5

            f0a648bb0d6d90b4fe693866339e4087

            SHA1

            289554c4a65879c300038b49c58b32013a78f1be

            SHA256

            8f6ebf172dfda1c376fb314ba9c2cde29ae52c0969edbce01e6de86eb94cb1f4

            SHA512

            59a5602a89e06bd018445b2e6368c41ad7bc435946d0a8d27ced79ca735e0dda6e1c76b4bb0682b526b63af7cfd59b8fd1d11ff048260fc48010084884a0196d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\TarD445.tmp
            Filesize

            115KB

            MD5

            93de636c87425ae363b393724d4b9fb8

            SHA1

            8fb5eafa8dbbcaa84cbe5968b3b70bcd90297635

            SHA256

            eb854dadee72e6b2acee1bf45ea1ff49465bc67bcc7f25e3950f830c6e5f4d48

            SHA512

            dbd5c998ee936641d4296f88bbb7a401073e8cc7d7056bef507d703defce64da2bc3211eb01bb40982ada68d9d0b79254218454b6b3d730499b38f20c7b4f989

            Download Submit

          • memory/2176-63-0x0000000000C20000-0x0000000000C21000-memory.dmp

            Filesize

            4KB

            Download