721ff5ea10da2373b87d2254e56b9fc7467935b05b3e4969ea868157cda0106e

Analysis

max time kernel
3s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 20:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

036deedf6056475f2a502c0c20bdaa5f.exe
Size

144KB
MD5

036deedf6056475f2a502c0c20bdaa5f
SHA1

8c63615d16b8d058518f9e8812bb7e66972c95ec
SHA256

721ff5ea10da2373b87d2254e56b9fc7467935b05b3e4969ea868157cda0106e
SHA512

87454f9c74a79bcacb20750e201d7e28ee6e56cd6362d4205082348084f72e6a14e96c8481308bf7ad15ee5180de39c592a7eb16c000af37ec851ca17c632ac5
SSDEEP

1536:8tljRYNnE0ggGDHjDTYpK3XZxkIh1mF+0da1f6ymqneF05b7UEFrsUhKeT4oQ8LL:8tYnhg/zLKM0AGMeF05nUE5j4oQOj

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2800	036deedf6056475f2a502c0c20bdaa5f.exe

C:\Users\Admin\AppData\Local\Temp\036deedf6056475f2a502c0c20bdaa5f.exe
"C:\Users\Admin\AppData\Local\Temp\036deedf6056475f2a502c0c20bdaa5f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2800
- C:\Users\Admin\karig.exe
  "C:\Users\Admin\karig.exe"
  2⤵
  PID:4368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\karig.exe

Filesize
74KB

MD5
4d29e31f50f4a4f6af3d374daf42e393

SHA1
97f2475ab71d31fc530a7df239b9d4d6f6ae0ea1

SHA256
7e5353bd540f1373a383fdc90b4ed67839254cc09a161e06b6206f31dedda8e8

SHA512
862e7bc4b2014e09ae8a7c490b0a230da6ef00c6c4319e985e262378673f7bccecc705d498041fadbfe03e29a252a421d98ead10c360db1e79d5583ad52b1278

Download Submit
C:\Users\Admin\karig.exe

Filesize
144KB

MD5
6c8f9afba57cb3eaabc2170dd49213da

SHA1
f382227815a73f5fd5931e0c66747a88bc1efb44

SHA256
d578322ec6f81acee5a1ad6ef7bb738f5957d2e106a4adefd4e8679f1906c263

SHA512
2ccd3cb1d30440ffbe4cbff3b0b0da12526f07b9fad7447299a2f3e229467604aa8e5075f3f6733fbcee23b1a0b047f1bfa429817991926516c0c1784bb3264b

Download Submit
C:\Users\Admin\karig.exe

Filesize
88KB

MD5
f95cc8a0e14a0e84a0ee590b16d42d76

SHA1
0fe7f9c1da8f816e6a108f543e1448108e6eaaae

SHA256
5ee5e47ebe7d1e63991d72574ef1e24dbc5af04048b17df7ca683d9ce17b925a

SHA512
b5a6af8b7ce107ca9447d121cefcb870ebbb85830788fd05f0e7934bdb647b07d3daa3504e4afd9d14e9f80928c437b71f3f95776dbd3b10a23d4b6b11555672

Download Submit