98c48e44ffaeedb7d148dcaff9bc6290b9140fb1d64e701b80ebc3215cdf66cf

Analysis

max time kernel
240s
max time network
293s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05-01-2024 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

424295356634f4bafbab035b28a2f805.exe
Size

4KB
MD5

424295356634f4bafbab035b28a2f805
SHA1

81660a0309b6fa0648d204181c47d681af81efaf
SHA256

98c48e44ffaeedb7d148dcaff9bc6290b9140fb1d64e701b80ebc3215cdf66cf
SHA512

ecd5c5e133d42238173007118b82b35655bf6ff0592e9fdf25e1d77b999f63ec598d4e725a9122998731c5ae57bfa274e3f65ec437e4c281f490f1d2fae8a957
SSDEEP

48:iVysofS65xJzz4gxQt/St+Djp7doBMho6bBp:A65xJvMD5q2hxp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2656	DllHost.exe

C:\Users\Admin\AppData\Local\Temp\424295356634f4bafbab035b28a2f805.exe
"C:\Users\Admin\AppData\Local\Temp\424295356634f4bafbab035b28a2f805.exe"
1⤵
PID:2584

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\stub.ico

Filesize
766B

MD5
6af51d657c84380d7d0e79b0e26d3a25

SHA1
d2311222c346d60d0140ef005eb96f50de596930

SHA256
47d91bdd132f812ab8b514a2d434ee54b1ebfd78617a6d2f96de1fbd77918197

SHA512
abba7815ed2a367164efa6ceb26cef6272ea8e5e5aee8bbcd34e9515600fb321d576420e2472a1adf09d9f9c871d3e08af3f6c59b42c191e070e41a185ccb3c5

Download Submit
memory/2584-1-0x0000000002A10000-0x0000000002A12000-memory.dmp

Filesize
8KB

Download
memory/2656-2-0x0000000000260000-0x0000000000262000-memory.dmp

Filesize
8KB

Download
memory/2656-3-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download
memory/2656-5-0x0000000000380000-0x0000000000381000-memory.dmp

Filesize
4KB

Download