66e92baf8dd8c64fbffe1353b713d2b9b0d5986d66caada66f65379889510104

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 11:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

16bcc082eda1c8221b791a4d47f31758.exe
Size

418KB
MD5

16bcc082eda1c8221b791a4d47f31758
SHA1

c818ab18b034652a086a80b32f7cb430fa934acd
SHA256

66e92baf8dd8c64fbffe1353b713d2b9b0d5986d66caada66f65379889510104
SHA512

f2db83f51e6fcba8c43770e326cf2aa429e169e67d879c163998264b709c9d39743951875968bbdcf227a774a7896e1f063f38303de57ccb60ea3c2ac809a08a
SSDEEP

12288:UJ1BIyL8J/vvFVtcOOc3G/NdWxCS3G4EnaT9jgiy:ULk/ZSWxCS24EnaTJg

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnk	16bcc082eda1c8221b791a4d47f31758.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe
4884	16bcc082eda1c8221b791a4d47f31758.exe

C:\Users\Admin\AppData\Local\Temp\16bcc082eda1c8221b791a4d47f31758.exe
"C:\Users\Admin\AppData\Local\Temp\16bcc082eda1c8221b791a4d47f31758.exe"
1⤵
- Drops startup file
- Suspicious behavior: EnumeratesProcesses
PID:4884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads