cc006f644e2b0f749f19d035d0d1e31989c20c23ad451bfcd3bad2e92855d852

Analysis

max time kernel
33s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

326b237d1f819edd5ea19acee3024aaa.exe
Size

583KB
MD5

326b237d1f819edd5ea19acee3024aaa
SHA1

e3d9944f861bc7c45d90412f65b5a209338421e8
SHA256

cc006f644e2b0f749f19d035d0d1e31989c20c23ad451bfcd3bad2e92855d852
SHA512

d529bce4b0df17138d0da46f85377aaa0bd35edd922e38f580d025daa7b1aeb6ff3c0a3d78d70c5a1170a734f614bf3cbe3b67b52355286ab6a9d098dd15b0b3
SSDEEP

12288:FGN25zHA8PnKyawsk62JG4i5FTTv22mhwTJwr9yzIHZD725qEPen2Vu:F42pH5nXnJnsNb22me49yzIHZD7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
880	schtasks.exe

C:\Users\Admin\AppData\Local\Temp\326b237d1f819edd5ea19acee3024aaa.exe
"C:\Users\Admin\AppData\Local\Temp\326b237d1f819edd5ea19acee3024aaa.exe"
1⤵
PID:3676
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
  "{path}"
  2⤵
  PID:3436
- - C:\Users\Admin\AppData\Roaming\Install\Host.exe
    "C:\Users\Admin\AppData\Roaming\Install\Host.exe"
    3⤵
    PID:1976
- C:\Windows\SysWOW64\schtasks.exe
  "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\cJRFrnPlyhXOg" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC7C4.tmp"
  2⤵
  - Creates scheduled task(s)
  PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1976-34-0x0000000005610000-0x000000000564C000-memory.dmp

Filesize
240KB

Download
memory/1976-36-0x0000000074CB0000-0x0000000075460000-memory.dmp

Filesize
7.7MB

Download
memory/1976-35-0x00000000055D0000-0x00000000055F1000-memory.dmp

Filesize
132KB

Download
memory/1976-38-0x0000000074CB0000-0x0000000075460000-memory.dmp

Filesize
7.7MB

Download
memory/1976-33-0x0000000000DF0000-0x0000000000DFE000-memory.dmp

Filesize
56KB

Download
memory/3436-22-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3436-16-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3436-19-0x0000000000400000-0x0000000000433000-memory.dmp

Filesize
204KB

Download
memory/3676-5-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/3676-6-0x0000000002430000-0x000000000243A000-memory.dmp

Filesize
40KB

Download
memory/3676-10-0x0000000004C10000-0x0000000004C20000-memory.dmp

Filesize
64KB

Download
memory/3676-11-0x0000000005240000-0x00000000052D4000-memory.dmp

Filesize
592KB

Download
memory/3676-12-0x0000000004C20000-0x0000000004C66000-memory.dmp

Filesize
280KB

Download
memory/3676-7-0x0000000004D20000-0x0000000004D28000-memory.dmp

Filesize
32KB

Download
memory/3676-8-0x0000000004DD0000-0x0000000004E6C000-memory.dmp

Filesize
624KB

Download
memory/3676-9-0x0000000074BB0000-0x0000000075360000-memory.dmp

Filesize
7.7MB

Download
memory/3676-0-0x0000000074BB0000-0x0000000075360000-memory.dmp

Filesize
7.7MB

Download
memory/3676-3-0x0000000007650000-0x0000000007BF4000-memory.dmp

Filesize
5.6MB

Download
memory/3676-4-0x0000000007140000-0x00000000071D2000-memory.dmp

Filesize
584KB

Download
memory/3676-20-0x0000000074BB0000-0x0000000075360000-memory.dmp

Filesize
7.7MB

Download
memory/3676-2-0x0000000004A90000-0x0000000004B14000-memory.dmp

Filesize
528KB

Download
memory/3676-1-0x0000000000210000-0x00000000002A8000-memory.dmp

Filesize
608KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads