e1d8fe8d7c64324bc073a7ba1d88962627fce3af247c10211b083c4702209365

Analysis

max time kernel
190s
max time network
248s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 18:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

46deb0149ec4540282a7db2200514ba2.exe
Size

1.9MB
MD5

46deb0149ec4540282a7db2200514ba2
SHA1

c0afcd211eb8969c2c14a53ef390fea2e98a3a74
SHA256

e1d8fe8d7c64324bc073a7ba1d88962627fce3af247c10211b083c4702209365
SHA512

8f741ca6700ca9733f35561d93729c99b13de8a17e7ddeee3639e5528d4c1b152049dc5ea798f2e9082a91eb9d4e85121fb59714135b42dc2c128831c924067a
SSDEEP

49152:KTzmuEmPXWrYnqgiIUD20PBmys4ERX2urAb1+zatElDHbqE3O2n8qWuu7OWqhez:YaxmPXW7

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1712	46deb0149ec4540282a7db2200514ba2.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1712	46deb0149ec4540282a7db2200514ba2.exe
1712	46deb0149ec4540282a7db2200514ba2.exe
1712	46deb0149ec4540282a7db2200514ba2.exe
1712	46deb0149ec4540282a7db2200514ba2.exe

C:\Users\Admin\AppData\Local\Temp\46deb0149ec4540282a7db2200514ba2.exe
"C:\Users\Admin\AppData\Local\Temp\46deb0149ec4540282a7db2200514ba2.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\Favorites\Íâ¹Ò×÷·»¹Ù·½Õ¾ [www.zuowg.com].url

Filesize
110B

MD5
f9fc3e4f710ea6068eccca29ed784970

SHA1
eb6f961e7102e3aef227b204ff4dd9563f745812

SHA256
1c12badabe490d7c3d63bb0187965344ce0ed923eab707e446900a9b98913fcb

SHA512
b2d0db7a2c4b4d4e53a8daf2caff6a0ea826133038380e5dcf8c6493417f2884ecd61f047798189a3cff13cca3b9dbe99e5a501ce5de10488b2a337389b019ed

Download Submit
C:\Users\Admin\Favorites\Íâ¹Ò×÷·»×ÊÔ´Õ¾ [42724920.ys168.com].url

Filesize
115B

MD5
514d1b59ae8925c5edea3c446ce588dd

SHA1
60dd675b65c7ffaac6ca731dba265a6f316a6f75

SHA256
6bbfe9e113e075b646ae49400657b8bb20cbab06854b38bf007ac6e15cd7b773

SHA512
5bf3d0f1715b445852ad184907d2161967d51cb8fe9673330438d8705502bc63e263222c43839140c613a427b0b58b297e522b3953c2543453625e01b8017253

Download Submit