4dc0f3c87c3f3e3591aa149efd03efa5092da748b1a8f99dbdbb990106977ba4

Analysis

max time kernel
52s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

24422184db43fd779e227e4d21e489fe.exe
Size

884KB
MD5

24422184db43fd779e227e4d21e489fe
SHA1

6aac1719618869770cd71f85ae161e4f1ca6a9e8
SHA256

4dc0f3c87c3f3e3591aa149efd03efa5092da748b1a8f99dbdbb990106977ba4
SHA512

8eeea57733dee1cf0a395877fce51b1d138e09cc28813d76e94607ca5c916ae00d45eba2aaafcc4e3be1a7d1be343c5953ed5266aef44a3b0150aca38075a49d
SSDEEP

24576:E4oR6qg4yUS9p78HONmNt0jc+NBEbMn8:ErsMip78uNmDoBEbM

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2836	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\24422184db43fd779e227e4d21e489fe.exe
"C:\Users\Admin\AppData\Local\Temp\24422184db43fd779e227e4d21e489fe.exe"
1⤵
PID:4620
- C:\Users\Admin\AppData\Local\Temp\24422184db43fd779e227e4d21e489fe.exe
  "C:\Users\Admin\AppData\Local\Temp\24422184db43fd779e227e4d21e489fe.exe"
  2⤵
  PID:3268
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\pFVyJt.exe"
  2⤵
  PID:3904
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pFVyJt" /XML "C:\Users\Admin\AppData\Local\Temp\tmpF3D.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:2836
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Roaming\pFVyJt.exe"
  2⤵
  PID:956
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\Admin\AppData\Local\Temp\24422184db43fd779e227e4d21e489fe.exe"
  2⤵
  PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/956-94-0x00000000073B0000-0x00000000073CA000-memory.dmp

Filesize
104KB

Download
memory/956-119-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/956-111-0x00000000076F0000-0x000000000770A000-memory.dmp

Filesize
104KB

Download
memory/956-109-0x00000000075E0000-0x00000000075EE000-memory.dmp

Filesize
56KB

Download
memory/956-108-0x00000000075B0000-0x00000000075C1000-memory.dmp

Filesize
68KB

Download
memory/956-107-0x0000000007630000-0x00000000076C6000-memory.dmp

Filesize
600KB

Download
memory/956-35-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/956-81-0x000000006FD70000-0x000000006FDBC000-memory.dmp

Filesize
304KB

Download
memory/956-92-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/956-37-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/956-38-0x0000000004A90000-0x0000000004AA0000-memory.dmp

Filesize
64KB

Download
memory/3268-52-0x0000000001800000-0x0000000001B4A000-memory.dmp

Filesize
3.3MB

Download
memory/3268-48-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/3692-96-0x0000000007C70000-0x0000000007C7A000-memory.dmp

Filesize
40KB

Download
memory/3692-95-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/3692-15-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/3692-16-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/3692-18-0x0000000005A10000-0x0000000006038000-memory.dmp

Filesize
6.2MB

Download
memory/3692-23-0x00000000061F0000-0x0000000006256000-memory.dmp

Filesize
408KB

Download
memory/3692-34-0x00000000062D0000-0x0000000006624000-memory.dmp

Filesize
3.3MB

Download
memory/3692-115-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/3692-112-0x0000000007F20000-0x0000000007F28000-memory.dmp

Filesize
32KB

Download
memory/3692-110-0x0000000007E40000-0x0000000007E54000-memory.dmp

Filesize
80KB

Download
memory/3692-50-0x00000000068D0000-0x00000000068EE000-memory.dmp

Filesize
120KB

Download
memory/3692-68-0x000000006FD70000-0x000000006FDBC000-memory.dmp

Filesize
304KB

Download
memory/3692-53-0x00000000069D0000-0x0000000006A1C000-memory.dmp

Filesize
304KB

Download
memory/3692-67-0x000000007F750000-0x000000007F760000-memory.dmp

Filesize
64KB

Download
memory/3692-14-0x0000000005320000-0x0000000005356000-memory.dmp

Filesize
216KB

Download
memory/3692-93-0x0000000008240000-0x00000000088BA000-memory.dmp

Filesize
6.5MB

Download
memory/3692-80-0x0000000007AC0000-0x0000000007B63000-memory.dmp

Filesize
652KB

Download
memory/3692-82-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/3692-22-0x0000000005900000-0x0000000005922000-memory.dmp

Filesize
136KB

Download
memory/3692-17-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/3692-66-0x0000000007A50000-0x0000000007A82000-memory.dmp

Filesize
200KB

Download
memory/3692-79-0x0000000007A90000-0x0000000007AAE000-memory.dmp

Filesize
120KB

Download
memory/3692-74-0x00000000053D0000-0x00000000053E0000-memory.dmp

Filesize
64KB

Download
memory/3904-55-0x00000000048B0000-0x00000000048C0000-memory.dmp

Filesize
64KB

Download
memory/3904-120-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/3904-54-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/3904-56-0x00000000048B0000-0x00000000048C0000-memory.dmp

Filesize
64KB

Download
memory/3904-97-0x000000006FD70000-0x000000006FDBC000-memory.dmp

Filesize
304KB

Download
memory/4620-0-0x0000000000120000-0x0000000000204000-memory.dmp

Filesize
912KB

Download
memory/4620-10-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

Filesize
64KB

Download
memory/4620-1-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/4620-51-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/4620-5-0x0000000004BC0000-0x0000000004BD0000-memory.dmp

Filesize
64KB

Download
memory/4620-9-0x0000000074FE0000-0x0000000075790000-memory.dmp

Filesize
7.7MB

Download
memory/4620-6-0x0000000004CB0000-0x0000000004CBA000-memory.dmp

Filesize
40KB

Download
memory/4620-7-0x0000000004EF0000-0x0000000004F46000-memory.dmp

Filesize
344KB

Download
memory/4620-4-0x0000000004D20000-0x0000000004DB2000-memory.dmp

Filesize
584KB

Download
memory/4620-11-0x0000000008AD0000-0x0000000008B74000-memory.dmp

Filesize
656KB

Download
memory/4620-12-0x000000000AEF0000-0x000000000AF24000-memory.dmp

Filesize
208KB

Download
memory/4620-3-0x0000000005230000-0x00000000057D4000-memory.dmp

Filesize
5.6MB

Download
memory/4620-13-0x000000000AF90000-0x000000000AFF6000-memory.dmp

Filesize
408KB

Download
memory/4620-8-0x00000000051D0000-0x00000000051EA000-memory.dmp

Filesize
104KB

Download
memory/4620-2-0x0000000004BE0000-0x0000000004C7C000-memory.dmp

Filesize
624KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads