fc34386f573d4f8d769c70ec4fa22755c1bc51553a4a2f16ca5ff961ca9eec9b

Analysis

max time kernel
128s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 00:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

21b11333e069712ecc9ee63c08815371.exe
Size

80KB
MD5

21b11333e069712ecc9ee63c08815371
SHA1

237e7a19e4a33f99fe71650fd3a0319e463dc1c6
SHA256

fc34386f573d4f8d769c70ec4fa22755c1bc51553a4a2f16ca5ff961ca9eec9b
SHA512

c2484a1a33a2a42d82a4e75028cf9fd90279dc2e0ecac0688c97b241846014ff77c504d3098f1c4dafbe6f15a2c6720289f5af1c2644bd06eff0e464a6beaade
SSDEEP

1536:BHBaogV82U+I21gB6AXWdBnRlqHiym9DiXjN:gV8aIASm3nxym9D+j

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	21b11333e069712ecc9ee63c08815371.exe
File opened (read-only)	\??\I:	21b11333e069712ecc9ee63c08815371.exe
File opened (read-only)	\??\J:	21b11333e069712ecc9ee63c08815371.exe
File opened (read-only)	\??\H:	21b11333e069712ecc9ee63c08815371.exe
File opened (read-only)	\??\G:	21b11333e069712ecc9ee63c08815371.exe
File opened (read-only)	\??\B:	21b11333e069712ecc9ee63c08815371.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\Microsoft Shared\ink\vm03195.exe	21b11333e069712ecc9ee63c08815371.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\vm03195.exe	21b11333e069712ecc9ee63c08815371.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\21b11333e069712ecc9ee63c08815371.exe
"C:\Users\Admin\AppData\Local\Temp\21b11333e069712ecc9ee63c08815371.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\Microsoft Shared\ink\vm03195.exe

Filesize
1.5MB

MD5
0c7dad827cf3a21c9f9655a5ba0e7010

SHA1
2e522abfef7701067d5a94f221a5bcbb4f70b996

SHA256
9ccd1af3d0ad0debe2479aac31a9bedb73550de006298ae008ae183dbdb5be6f

SHA512
be9a7368e0b9542fc51d86508e94ddca056c09cb83b86147d058b7b2db9e347c4d33356150137f880429709866076705046fba16d4111cea0376aa3b8ec52ce3

Download Submit