04d664bdd3c5063cf04d2f14b30238878f8d00383cb9e0c25c8d5c57909284fc

Analysis

max time kernel
175s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24611dfb733718a2fe6a502f06da07b2.exe
Size

255KB
MD5

24611dfb733718a2fe6a502f06da07b2
SHA1

1c56eaf91a47c50dc49bef460f5fbeca562b3052
SHA256

04d664bdd3c5063cf04d2f14b30238878f8d00383cb9e0c25c8d5c57909284fc
SHA512

e4fb8a0f91f3c6608933889d890b7d2e60e0ac05858e7f7775dd2e3029bc502ebc8f598317fd9e2cbc1b6e151f553fa29c516662e3125e35a2236b11a20adc5f
SSDEEP

6144:B3ioA1Ws/pP0S9YJlFNLvgeGusoqHg4tq8Uie:By3/b9SFFSu2NUie

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	24611dfb733718a2fe6a502f06da07b2.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	24611dfb733718a2fe6a502f06da07b2.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\ExcellentNotes.job	24611dfb733718a2fe6a502f06da07b2.exe

C:\Users\Admin\AppData\Local\Temp\24611dfb733718a2fe6a502f06da07b2.exe
"C:\Users\Admin\AppData\Local\Temp\24611dfb733718a2fe6a502f06da07b2.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2712-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2712-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2712-3-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2712-2-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2712-4-0x0000000000260000-0x0000000000289000-memory.dmp

Filesize
164KB

Download
memory/2712-5-0x00000000003A0000-0x00000000003CF000-memory.dmp

Filesize
188KB

Download
memory/2712-9-0x0000000000260000-0x0000000000289000-memory.dmp

Filesize
164KB

Download
memory/2712-12-0x0000000000470000-0x0000000000497000-memory.dmp

Filesize
156KB

Download
memory/2712-16-0x0000000000260000-0x0000000000289000-memory.dmp

Filesize
164KB

Download
memory/2712-20-0x0000000000260000-0x0000000000289000-memory.dmp

Filesize
164KB

Download
memory/2712-25-0x0000000000260000-0x0000000000289000-memory.dmp

Filesize
164KB

Download