3dcef593b9e72f8a16d1ece5a8de80911e514e5d8fa1960780697457eb3ef728

Analysis

max time kernel
0s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 11:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb4c84af365c4c70798871199c582da.exe
Size

1.1MB
MD5

3cb4c84af365c4c70798871199c582da
SHA1

d5a15605a1d30a14592c028b4496b7bff14cf20d
SHA256

3dcef593b9e72f8a16d1ece5a8de80911e514e5d8fa1960780697457eb3ef728
SHA512

f44d4968212fdb48ae90c8d6d952df21fb3bc8295cb22cae1f235ca6b2f7f153d43585a55f1952b49d129e86a4507219f2b727fd128328709a08e24537b8bec2
SSDEEP

24576:r4oKmf5R/pOCuxGU13IlBwaa6NKHb/JnsyytsE:r4uv/pOCIGk3Ivwaa6IHz1sds

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4824	3cb4c84af365c4c70798871199c582da.exe
4824	3cb4c84af365c4c70798871199c582da.exe

C:\Users\Admin\AppData\Local\Temp\3cb4c84af365c4c70798871199c582da.exe
"C:\Users\Admin\AppData\Local\Temp\3cb4c84af365c4c70798871199c582da.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ish240602015\images\progress-bg.png

Filesize
2KB

MD5
32a6846fe53388eb03be3ada2221297f

SHA1
1c1baec7b7fe7a420ccf68d3112384b44f8ba89e

SHA256
5c6d20c98c106bc6df49447b9939a90ba6a5e3c20d89ca0621677a7501bdb127

SHA512
79c4f3a72467b61c27d6e93415bae3fc61a9fde62aae4202ba8ed1de6328f5facc48092bfe57db70338a0a4b50f571d501eed04aed8b047d20aa28ee7446ce98

Download Submit
memory/4824-145-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-147-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-139-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-141-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-140-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-142-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4824-143-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-144-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-7-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/4824-0-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-148-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-149-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-150-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-151-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-152-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-153-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-154-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download
memory/4824-155-0x0000000000400000-0x0000000000517000-memory.dmp

Filesize
1.1MB

Download