Analysis
-
max time kernel
120s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
31-12-2023 00:13
General
-
Target
21483819ce2e9f6faf8600ba73cdc7ca.exe
-
Size
36KB
-
MD5
21483819ce2e9f6faf8600ba73cdc7ca
-
SHA1
b3c0d2c2da15ba43bd7d7127753ddcee2e83dfb4
-
SHA256
e175c2d8ac008c93f5c7ff3129782e6268fc8d974b9617199c4f520c136c6d3e
-
SHA512
c6f4491633d0c74d44f4ac8032d467788986c50da27c208bad634f893e63c4a51cccfeabb09f927a11a79d158b068f0f6b30a8922d5c51561d22ff1cb2406e15
-
SSDEEP
384:SwedYhDnXZKBCv/U/PcOH5vns0Pi1HBnWyEYFb0+OPqD4C6m9j+K0LzzwoU+U3Nb:SwHDnJKBIdG6ZOPeIsjJRSWlbqjy
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\21483819ce2e9f6faf8600ba73cdc7ca.exe"C:\Users\Admin\AppData\Local\Temp\21483819ce2e9f6faf8600ba73cdc7ca.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\2368.bat" "2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
217B
MD589175a68a34a9e2f2324e4cb3b71974d
SHA11bbcd0ab45da68051b57cb4cf186c544c85d2f38
SHA2569cbcbefa8ef4f1aecad4f6ea9807ef097db28a68954065bf4aa37fcf06be0bdf
SHA512d99762c647142b961f5a6197a11bab46b98cf6c85c84366cd7a75693530281ab0cfd29560683bab6d181a9aafc6360b280ab71cbad3f66722ffc69d28688ce3a