23addc13f3812ee05a1e0184067bdc779933f55279eebf67522ac4915806a14e

Analysis

max time kernel
3s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 00:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21757473cd0ddb61f2b6b429f198e3f0.exe
Size

479KB
MD5

21757473cd0ddb61f2b6b429f198e3f0
SHA1

99414bc4e1fd6b1d5938d644de641a2fddd1d3fb
SHA256

23addc13f3812ee05a1e0184067bdc779933f55279eebf67522ac4915806a14e
SHA512

02dca8e0755241def380019a236b2cc56d51df1547522a76f8b3a082fc12e024679328895d67b1ca8e4b168e42434a8d95a9ed5faf5db19726310b643c14f5f9
SSDEEP

12288:rtOzkjUBvCkfmvz756FGtkeSUknzp7tRuvftbOb8:RwkjUV5a75G0OtXggb8

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2716	21757473cd0ddb61f2b6b429f198e3f0.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	21757473cd0ddb61f2b6b429f198e3f0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3484	2716	WerFault.exe	16

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2716	21757473cd0ddb61f2b6b429f198e3f0.exe
2716	21757473cd0ddb61f2b6b429f198e3f0.exe

C:\Users\Admin\AppData\Local\Temp\21757473cd0ddb61f2b6b429f198e3f0.exe
"C:\Users\Admin\AppData\Local\Temp\21757473cd0ddb61f2b6b429f198e3f0.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Suspicious use of SetWindowsHookEx
PID:2716
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 2252
  2⤵
  - Program crash
  PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2716 -ip 2716
1⤵
PID:4188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IM_538E.tmp\ActionEngine.dll

Filesize
4KB

MD5
344f8c5338d4c5889dbb2be7616e2434

SHA1
a03cabd0602b9dd0f4c2b1f986986c63e3912de7

SHA256
10c7e6b94e1761a54a88e8e9464a1f89ab691640f412edb229793ea6dba3e4a2

SHA512
791e345d46294e18aa7dd23d114d6638f53a186be4431fc4c337cd2d318eb378e98e251d034aecfe4f89b081072d6584dfe99e97101cb983ad67557788e923e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_538E.tmp\Gui\jquery.localisation.min.js

Filesize
1KB

MD5
f1cf73e00c240e9a4283201291d45a07

SHA1
918c49cb6f1de521d91967b2508f19db1f38fea2

SHA256
81bce5ff1003c9d5a688102d5d4c603841ed61c32628823dc48d560ec0d42cd2

SHA512
2242892434a638a9344c87453c3d2a66a880278dcf66f1516f240131dca767248baf663ffc9365acad26550e5b20a742d8115d5976de3a094d0229d60844788f

Download Submit
C:\Users\Admin\AppData\Local\Temp\IM_538E.tmp\instlangs.xml

Filesize
17KB

MD5
aa91818150cfadb667ae6f914d43dca0

SHA1
4411bd0038ccd464ed7597f0540cfe04867b9042

SHA256
2aa71646493cf47b38be0920488159b154eaf19193dc4a6ecfa0a6509196c7c5

SHA512
dd1310dc52bb6cc4977341dc34fb6a273e1349602a5fb3037e0b0d087b8f0d2d7a04e2db32e2708379758266c31422d27b5a35f5ba068cd7dbdd211b07893ecd

Download Submit
memory/2716-104-0x0000000002B10000-0x0000000002B11000-memory.dmp

Filesize
4KB

Download