Analysis
-
max time kernel
122s -
max time network
123s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30-12-2023 08:28
General
-
Target
136f1cecf1059eb93c0744b2a3f530e5.exe
-
Size
160KB
-
MD5
136f1cecf1059eb93c0744b2a3f530e5
-
SHA1
84beb7ae17f3464f0d09d58a87774f8659184a6e
-
SHA256
7a89bb49e6e2ac08c647ff2d944dbf4b32e193572135762f67c3c11d40565e8a
-
SHA512
c4fe808f23171b548638071457c11b06130c877eee0a61d07e1e269dc667caeb57e4355555bdf041bd3bd00f1ecadafd949cb1cb43b536acf309bc411d4a27d8
-
SSDEEP
192:Jn+3TKbYsc0s1kaGe1v9EH9utbz+H7/Qb47GERu2poa1eO1j:Jn+3TKMH0s1tGe1v9EHObzp45z1
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\136f1cecf1059eb93c0744b2a3f530e5.exe"C:\Users\Admin\AppData\Local\Temp\136f1cecf1059eb93c0744b2a3f530e5.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\136f1cecf1059eb93c0744b2a3f530e5.exe"C:\Windows\136f1cecf1059eb93c0744b2a3f530e5.exe"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
160KB
MD5136f1cecf1059eb93c0744b2a3f530e5
SHA184beb7ae17f3464f0d09d58a87774f8659184a6e
SHA2567a89bb49e6e2ac08c647ff2d944dbf4b32e193572135762f67c3c11d40565e8a
SHA512c4fe808f23171b548638071457c11b06130c877eee0a61d07e1e269dc667caeb57e4355555bdf041bd3bd00f1ecadafd949cb1cb43b536acf309bc411d4a27d8