Analysis
-
max time kernel
52s -
max time network
148s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
30/12/2023, 13:49
General
-
Target
1a8e24fc6069af2b6af68922e69e90d6.exe
-
Size
28KB
-
MD5
1a8e24fc6069af2b6af68922e69e90d6
-
SHA1
033401eaa5e8858cf8d23149fd8d44b1c307db7d
-
SHA256
4fc440b6eab1c9eb9b9b354d37a96af0e3553bb63463cfa75a0cdf21f24e6827
-
SHA512
b1ee23b8174efb261d69c48c98e4152f47fb5ef4980fd9cf0e4d26d441ef82afccaf2ebf2e96871590e098f425b73a8d4668e8ecc6cfb31b87a9a5e663ee202e
-
SSDEEP
384:fJnFv7fcsSM+MyXyq/AvBDrrt5WXquvQoJBpqNYEu:x5LcQ+PCq/qrWXxlpE
Score
7/10
Malware Config
Signatures
-
Drops startup file 2 IoCs
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 16 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Windows\winlogon.exe"C:\Windows\winlogon.exe"1⤵
- Drops startup file
- Executes dropped EXE
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\1a8e24fc6069af2b6af68922e69e90d6.exe"C:\Users\Admin\AppData\Local\Temp\1a8e24fc6069af2b6af68922e69e90d6.exe"1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
28KB
MD51a8e24fc6069af2b6af68922e69e90d6
SHA1033401eaa5e8858cf8d23149fd8d44b1c307db7d
SHA2564fc440b6eab1c9eb9b9b354d37a96af0e3553bb63463cfa75a0cdf21f24e6827
SHA512b1ee23b8174efb261d69c48c98e4152f47fb5ef4980fd9cf0e4d26d441ef82afccaf2ebf2e96871590e098f425b73a8d4668e8ecc6cfb31b87a9a5e663ee202e