Analysis
max time kernel: 140s
max time network: 176s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30/12/2023, 04:50

Static task: static1 (1 signature)
Behavioral task: behavioral1
Sample: 0f113e76ffc50c0fb5d289d41f251315.exe
Resource: win7-20231215-en (4 signatures, 150 seconds)
General
Target: 0f113e76ffc50c0fb5d289d41f251315.exe
Size: 56KB
MD5: 0f113e76ffc50c0fb5d289d41f251315
SHA1: a9ffc24312bbe47340bdbbffc4032b6f027c655b
SHA256: b30134552157ddb44022af48256659302ff0b954c669ab8627fdbe1e645c993e
SHA512: cc4643a5729d4a2ca52635e098c8747ad2c0587d3cc13c75f2bb57a1395e17f487f65310df93700bc0f6e2a41660c23a8a465067c458330af1b12b679ec02478
SSDEEP: 1536:98Qa7QrTUBJXu+W91JzD+QtwadpwsV08E:WQJHWg+W91JaadpwsFE
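Before acting on a report like this, confirm that the file you hold is the same object the sandbox analysed. The script below is an added example (not part of the report or of the sandbox's own tooling): it recomputes the four cryptographic digests listed under General, in streaming fashion so large samples need not fit in memory, and compares them with the report's values. SSDEEP is deliberately left out, since it needs the third-party `ssdeep` module and is compared by similarity score rather than equality, so it does not belong in a pass/fail identity check. The hash constants are copied from the report; the command-line wrapper and its file name argument are assumptions for illustration.

```python
"""Recompute the report's digests for a local file and compare them.

Added example, not part of the sandbox report. SSDEEP is left out on purpose:
it needs the third-party `ssdeep` module and is compared by similarity score,
not by equality, so it does not belong in a pass/fail identity check.
"""
import hashlib
import sys

# Values copied from the report's General section.
REPORT_HASHES = {
    "md5": "0f113e76ffc50c0fb5d289d41f251315",
    "sha1": "a9ffc24312bbe47340bdbbffc4032b6f027c655b",
    "sha256": "b30134552157ddb44022af48256659302ff0b954c669ab8627fdbe1e645c993e",
    "sha512": (
        "cc4643a5729d4a2ca52635e098c8747ad2c0587d3cc13c75f2bb57a1395e17f4"
        "87f65310df93700bc0f6e2a41660c23a8a465067c458330af1b12b679ec02478"
    ),
}

ALGORITHMS = tuple(REPORT_HASHES)


def compute_digests(data: bytes) -> dict:
    """Hex digests of an in-memory buffer, keyed by algorithm name."""
    return {name: hashlib.new(name, data).hexdigest() for name in ALGORITHMS}


def compute_file_digests(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same as compute_digests but streams the file, so large samples fit in memory."""
    hashers = {name: hashlib.new(name) for name in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def compare_digests(actual: dict, expected: dict = REPORT_HASHES) -> dict:
    """Per-algorithm match flags; hex case is ignored, a missing algorithm counts as a mismatch."""
    return {
        name: actual.get(name, "").lower() == value.lower()
        for name, value in expected.items()
    }


def is_report_sample(path: str, expected: dict = REPORT_HASHES) -> bool:
    """True only when every digest the report lists matches the file."""
    return all(compare_digests(compute_file_digests(path), expected).values())


if __name__ == "__main__":
    # Assumed usage: python verify_sample.py <path-to-file>
    if len(sys.argv) != 2:
        sys.exit("usage: verify_sample.py <file>")
    for name, ok in compare_digests(compute_file_digests(sys.argv[1])).items():
        print(f"{name:6} {'match' if ok else 'MISMATCH'}")
    sys.exit(0 if is_report_sample(sys.argv[1]) else 1)
```

A single mismatching digest is enough to reject the file: a sample that has been re-packed, padded or had its overlay stripped will still share a name and roughly the same size with the original while hashing differently.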
Malware Config
Signatures
description: Key value queried
ioc: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
Process: 0f113e76ffc50c0fb5d289d41f251315.exe
EnableLUA holds the User Account Control on/off policy, so this read tells the sample whether UAC is active on the host.
Drops file in Windows directory 2 IoCs
description: File created
ioc: C:\Windows\6YGYB.exe
Process: 0f113e76ffc50c0fb5d289d41f251315.exe
description: File opened for modification
ioc: C:\Windows\6YGYB.exe
Process: 0f113e76ffc50c0fb5d289d41f251315.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Suspicious use of SetWindowsHookEx 5 IoCs
pid: 3080
Process: 0f113e76ffc50c0fb5d289d41f251315.exe (5 calls from the same process)
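Of the four behaviours above, only the file drop leaves a trace that ordinary endpoint telemetry records. Sysmon logs registry create/delete/value-set/rename (Event IDs 12 to 14) but not value queries, and it has no visibility of drive enumeration or SetWindowsHookEx, so the EnableLUA read and the hook installation are sandbox (API-hook) observations only. The hunt rule below is an added example, not part of the report: it models Sysmon Event ID 11 (FileCreate) records as dicts with Sysmon's field names and flags an executable written directly into C:\Windows by a process that is not itself running from a servicing or system directory. The `TRUSTED_WRITER_DIRS` allowlist, the user-profile paths and the sample events are constructed assumptions; the target path C:\Windows\6YGYB.exe and the sample's name come from the report.

```python
r"""Hunt for the report's file-drop behaviour in Sysmon FileCreate telemetry.

Added example, not part of the sandbox report. Events are modelled as dicts
carrying the field names Sysmon uses (EventID, Image, TargetFilename). The
rule fires when an executable is created directly inside C:\Windows by a
process that does not run from a servicing or system directory. Sysmon does
not log registry *queries*, drive enumeration or SetWindowsHookEx, so the
report's other signatures cannot be hunted this way.
"""
from pathlib import PureWindowsPath

WINDOWS_DIR = PureWindowsPath(r"C:\Windows")
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".scr", ".com"}
# Assumed allowlist of writers that legitimately place binaries in %SystemRoot%; tune per estate.
TRUSTED_WRITER_DIRS = (
    PureWindowsPath(r"C:\Windows\servicing"),
    PureWindowsPath(r"C:\Windows\System32"),
    PureWindowsPath(r"C:\Windows\WinSxS"),
)


def _is_under(path: PureWindowsPath, parent: PureWindowsPath) -> bool:
    """True when path lies inside parent; PureWindowsPath compares case-insensitively."""
    return parent == path or parent in path.parents


def is_suspicious_drop(event: dict) -> bool:
    """Sysmon Event ID 11 where a non-system process creates an executable in the Windows directory itself."""
    if event.get("EventID") != 11:
        return False
    target = PureWindowsPath(event.get("TargetFilename", ""))
    image = PureWindowsPath(event.get("Image", ""))
    if target.suffix.lower() not in EXECUTABLE_SUFFIXES:
        return False
    if target.parent != WINDOWS_DIR:  # subfolders such as Windows\Temp are out of scope for this rule
        return False
    return not any(_is_under(image, d) for d in TRUSTED_WRITER_DIRS)


def find_suspicious_drops(events) -> list:
    """Return the matching events in their original order."""
    return [e for e in events if is_suspicious_drop(e)]


# Constructed events (not from the report); the drop path is the one the report lists.
SAMPLE_EVENTS = [
    {"EventID": 11,
     "Image": r"C:\Users\user\AppData\Local\Temp\0f113e76ffc50c0fb5d289d41f251315.exe",
     "TargetFilename": r"C:\Windows\6YGYB.exe"},      # the report's drop: should fire
    {"EventID": 11,
     "Image": r"C:\Windows\servicing\TrustedInstaller.exe",
     "TargetFilename": r"C:\Windows\notepad.exe"},    # servicing stack, allowlisted writer
    {"EventID": 11,
     "Image": r"C:\Users\user\AppData\Local\Temp\0f113e76ffc50c0fb5d289d41f251315.exe",
     "TargetFilename": r"C:\Windows\Temp\work.tmp"},  # not an executable, and in a subfolder
    {"EventID": 1,
     "Image": r"C:\Windows\6YGYB.exe",
     "TargetFilename": ""},                           # process start, not a FileCreate event
]

if __name__ == "__main__":
    for hit in find_suspicious_drops(SAMPLE_EVENTS):
        print(f"suspicious drop: {hit['Image']} -> {hit['TargetFilename']}")
```

The allowlist is the weak point of any rule like this: a sample that injects into or launches through a trusted servicing process will evade it, so treat a hit as a pivot (look up the writer's hash, parent process and the later execution of the dropped file), not as a verdict.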