ff77d1b39f87bfa525c67f780c77b516a3ab05f3f794aaedfdfbe118044d3675

Analysis

max time kernel
1s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
05/01/2024, 14:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe
Size

51KB
MD5

43e4f5a31ff7c90f59f4ac9b4d2eecf5
SHA1

e59c6084c537ebec193ff3f19c0f906e09a71fcf
SHA256

ff77d1b39f87bfa525c67f780c77b516a3ab05f3f794aaedfdfbe118044d3675
SHA512

68bec7e25a1a4388494a9636935b0051e8466302e7ccefa399692ec69aa73d9405c6b128d5b6cd5431dec2c56c809d78a54f73e57af4f0051d65c64522384554
SSDEEP

768:hogJkE3jZoiBd5Byynjb3xMJEU0xSOumt28ZDWVx6c:hogJkE3egd28/qyUnOo8ZiV0c

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4224	43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe
4224	43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe

C:\Users\Admin\AppData\Local\Temp\43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe
"C:\Users\Admin\AppData\Local\Temp\43e4f5a31ff7c90f59f4ac9b4d2eecf5.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4224
- C:\Users\Admin\lsass.exe
  "C:\Users\Admin\lsass.exe"
  2⤵
  PID:1096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\lsass.exe

Filesize
3KB

MD5
f65f4e2bbc45846b3ccfe5df65ecd670

SHA1
912c848fc0a702e74e55b035a178e5c3a69f01ab

SHA256
2ccbf97a310792d034c6e3a0a60f27c445817b160c45db695518e59f8466a9fe

SHA512
4f0d772dcf0db8fe381c43754c23d7725aa281ae0cb47077f11cc7ae09561079da070071a52e192df0230b1ce31a97741b48097612e1154c44dd1bc9a62227cd

Download Submit
C:\Users\Admin\lsass.exe

Filesize
34KB

MD5
c92ec8ea93e197717cf8bcdeb0ed436f

SHA1
c527c3100f580b025228058dbfe8d624a5e7a918

SHA256
10702291de5275cd3d85e41457ba8205abaa6d44aafbd1d101a469694608d990

SHA512
58922884d78b70cd2e14e1340ac9a0159d65db118a5ef6dd0accde61b77670be7a5c338da1ba78bf4535eb21dbdae0aedf5b0c4bfb21c9333bdc977bddd610ec

Download Submit
memory/1096-32-0x0000000003000000-0x0000000003001000-memory.dmp

Filesize
4KB

Download