5b668735265bef06fca6c5d3ea333c358fab200b3e6f2493e5b2dcbbd85f9345

Analysis

max time kernel
3s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 11:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3cb5c4680d1143e6e24fc5e1a9c1aa6b.exe
Size

240KB
MD5

3cb5c4680d1143e6e24fc5e1a9c1aa6b
SHA1

180ac7df0027964a80ab1c60a706d278be630a23
SHA256

5b668735265bef06fca6c5d3ea333c358fab200b3e6f2493e5b2dcbbd85f9345
SHA512

1e0522bbdefa1a02436673365d19948794a2fa61b533e1b9f8ca2ee06852341c11a87629d9bd45dff2bc52f474ffa54e72bf07915ebda040d1b13c865e9c7715
SSDEEP

3072:ykBGrT8j6VlpvBd90i/SmWKLi7CjFSivnfu3fbMdozt5czII:yX0UGKGkFRKfeoztO

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	3cb5c4680d1143e6e24fc5e1a9c1aa6b.exe

C:\Users\Admin\AppData\Local\Temp\3cb5c4680d1143e6e24fc5e1a9c1aa6b.exe
"C:\Users\Admin\AppData\Local\Temp\3cb5c4680d1143e6e24fc5e1a9c1aa6b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2800
- C:\Users\Admin\zaigieq.exe
  "C:\Users\Admin\zaigieq.exe"
  2⤵
  PID:3028

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\zaigieq.exe

Filesize
95KB

MD5
6cde3e8f750155d5b3cc07eef147e0be

SHA1
4011974ecb8d711cfa3ed915bd3dace8f5817fa7

SHA256
fafc1d15fe51725c4db25cc9cd6d54dcf6a0ed50afbf2b3a3b357063eb08312c

SHA512
76b70d2d928c0b0f98556904e84ce42f22af8afaa0f4d898ce472b11fc6b1b9108fb1e22ec0cbef2dc4799e9772c7ae487481af0f15333b8d79be1647e8eb588

Download Submit
\Users\Admin\zaigieq.exe

Filesize
240KB

MD5
a9d0483d9ad4c1d4ec6279b8209ed800

SHA1
2253dcaedcafe31d0fdeffb5cd87ce08b107c8ff

SHA256
e086487288d2ae5f26132d8266a7131f6dd4b6ee6d3928be048d37c2f4138ebe

SHA512
3b7b9139fa7864b7a017307bc73e28d94575e3f8cd6375b92b9e563562e783ebc9d7e04dff733cefd17450ebe5508533f10ea028d961b9f8df0b67253a53589a

Download Submit
\Users\Admin\zaigieq.exe

Filesize
92KB

MD5
8001763bc8355e0de48e3e4f9e6e3aa2

SHA1
a445b72dd29760b65e6ed8a6b39306a7813193c7

SHA256
26ad5aa4bb2248001e2532d125d2aaf1657e326b8c0bbb5059f19cb2cbededeb

SHA512
c155c4ee414495286c0dbf3bc81763bf2dac14a1cafc637dd359501b5496a1b1570eef342cbcaa11bb4cba227e2b8d6002b1352a67217ebb20f2c82f7ae3e468

Download Submit