Overview

overview

6

Static

static

3

14843a6bde...8c.exe

windows7-x64

6

14843a6bde...8c.exe

windows10-2004-x64

6

Analysis

  • max time kernel
    141s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 09:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    14843a6bde7577df301b5f92c770468c.exe

  • Size

    68KB

  • MD5

    14843a6bde7577df301b5f92c770468c

  • SHA1

    74aed7b4a3fc707d583aa00e8d791c9f4a18e108

  • SHA256

    e94ed36ab7aba59cebd61bded643879674a3993b330eb46610cf514a0552c872

  • SHA512

    83fe7d8d5266d193f6eb5daf143579b7f4f6dd743ff69a1215d57772cb9fb8331091c16bf551f105bbe682189b87e93458ca10e86675269ec6bd8037c8c333db

  • SSDEEP

    768:+7nqWQ9eGRIvbMNg3Eh+pV6cUWh5nqMWHdo:+7nqWFI14pV6kh5nqrHa

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\14843a6bde7577df301b5f92c770468c.exe
    "C:\Users\Admin\AppData\Local\Temp\14843a6bde7577df301b5f92c770468c.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2356
    • C:\Users\Admin\AppData\Local\Temp\14843a6bde7577df301b5f92c770468c.exe
      C:\Users\Admin\AppData\Local\Temp\14843a6bde7577df301b5f92c770468c
      2⤵
      • Enumerates connected drives
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2420

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JIH1AB02\AdbeRdr60_enu_full978O91VM.exe
    Filesize

    1.0MB

    MD5

    c05da0dc9ca2f5b94725614327fad62c

    SHA1

    fe8f2181641eb624fc6a3ea10c271ae9fa860111

    SHA256

    064e32735503ad0ddd48cf1f4bbf0c7e57e2497ed436752a6cceacf3a8e9c808

    SHA512

    dad368103475f3b02d47724305c7c129d63b66e94098aaa339fbffd3914604d1cfaa2e0a734976fa15445226b0595f7293f1a39701a686dcf0636abe7adb647b

    Download Submit

  • memory/2420-17-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-6-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-9-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-12-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-13-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2420-2-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-19-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-4-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-26-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-38-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-40-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download

  • memory/2420-46-0x0000000000400000-0x000000000040B000-memory.dmp

    Filesize

    44KB

    Download