Analysis
max time kernel: 143s
max time network: 150s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 30-12-2023 04:53
Static task
static1
Behavioral task
behavioral1
Sample
0f24e9422466a1ae11a664e0bb3e7b03.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
0f24e9422466a1ae11a664e0bb3e7b03.exe
Resource
win10v2004-20231215-en
General
Target: 0f24e9422466a1ae11a664e0bb3e7b03.exe
Size: 270KB
MD5: 0f24e9422466a1ae11a664e0bb3e7b03
SHA1: b6f88471f8a71a01edba79723a42e4ca35e721ed
SHA256: 24817284c1d9287ff4268e087f653060dd00a6dc30518d69867d0f9f052bfe4e
SHA512: cd2012312b558f309dd5806bd79576116e938a187b32023372c6223e0cb61f4b42c689395949570cfd79ab35ae00c7dac3ef9143c731e85a2db341b7bee84e8c
SSDEEP: 6144:SsconR6l+OSKOtom4fEGEsQB6izc1BfCdNpnmbzzLZh9oN:uo0lV+oDfEhBlkULnSzXZg
Malware Config
Signatures
Loads dropped DLL (1 IoCs)
pid 2680, process 0f24e9422466a1ae11a664e0bb3e7b03.exe
Checks installed software on the system (1 TTPs)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious behavior: EnumeratesProcesses (20 IoCs)
pid 2680, process 0f24e9422466a1ae11a664e0bb3e7b03.exe (listed 20 times)
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads