10132b49a382ef8b13377cbc243a0dfb400fde0f701b556a4a716b079ee3a6c3

Analysis

max time kernel
145s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:15

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

299c21261037a9339cad73a7f6ea3b6a.exe
Size

261KB
MD5

299c21261037a9339cad73a7f6ea3b6a
SHA1

603c8fdca7bab0966bd5d569c25e7935bbdc37f0
SHA256

10132b49a382ef8b13377cbc243a0dfb400fde0f701b556a4a716b079ee3a6c3
SHA512

7ad09dcdc3fc3468d5ec4351477e50e4a45d55d6f1e0d656b6a28fddd10a518127bacdac55b8e82642160659e3599845fdb9d5a38a936bc85bf61e34501bf3a9
SSDEEP

6144:cZ7MIKfQ/OPLvqj8/ZzOYCftHXY19y8yawi9fTW:LIqqGZpCfFXW95wi9f6

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum	299c21261037a9339cad73a7f6ea3b6a.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	299c21261037a9339cad73a7f6ea3b6a.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\FundsAssist.job	299c21261037a9339cad73a7f6ea3b6a.exe

C:\Users\Admin\AppData\Local\Temp\299c21261037a9339cad73a7f6ea3b6a.exe
"C:\Users\Admin\AppData\Local\Temp\299c21261037a9339cad73a7f6ea3b6a.exe"
1⤵
- Maps connected drives based on registry
- Drops file in Windows directory
PID:3948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3948-2-0x00000000016E0000-0x00000000016F0000-memory.dmp

Filesize
64KB

Download
memory/3948-1-0x0000000000D50000-0x0000000000D60000-memory.dmp

Filesize
64KB

Download
memory/3948-8-0x0000000000D60000-0x0000000000D89000-memory.dmp

Filesize
164KB

Download
memory/3948-17-0x0000000000D60000-0x0000000000D89000-memory.dmp

Filesize
164KB

Download
memory/3948-15-0x0000000000D60000-0x0000000000D89000-memory.dmp

Filesize
164KB

Download
memory/3948-11-0x00000000016F0000-0x0000000001717000-memory.dmp

Filesize
156KB

Download
memory/3948-4-0x0000000001640000-0x000000000166F000-memory.dmp

Filesize
188KB

Download
memory/3948-24-0x0000000000D60000-0x0000000000D89000-memory.dmp

Filesize
164KB

Download
memory/3948-3-0x0000000000D60000-0x0000000000D89000-memory.dmp

Filesize
164KB

Download
memory/3948-0-0x00000000017F0000-0x0000000001800000-memory.dmp

Filesize
64KB

Download