206f8d7f70ff12792403b47a1378213e0d09855c70731725b7f8219d979ccd56

Analysis

max time kernel
147s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49ea26b9e18cb1a6f9c502032aaab6c9.exe
Size

538KB
MD5

49ea26b9e18cb1a6f9c502032aaab6c9
SHA1

7c972c0822f289a0311d45f96774aebcce008681
SHA256

206f8d7f70ff12792403b47a1378213e0d09855c70731725b7f8219d979ccd56
SHA512

39c99ac0e6aad74ca49c6cd05da7d492488532a5d83292d066d6360d63b7e14dfb5073c5848ca12f13221244d419906bf3ef244f5f357eb8c26393e7895b5593
SSDEEP

6144:MvXI7LD5fqKM6hM26n9pxlKx9SSXYY0q5zqfpnDWjklwmfm5XzS5SnL60MkrhbeK:MfI/DzKpxlKxJYYh5ynq5JB/9

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\49ea26b9e18cb1a6f9c502032aaab6c9.lnk	49ea26b9e18cb1a6f9c502032aaab6c9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\49ea26b9e18cb1a6f9c502032aaab6c9.exe
"C:\Users\Admin\AppData\Local\Temp\49ea26b9e18cb1a6f9c502032aaab6c9.exe"
1⤵
- Drops startup file
PID:3548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3548-0-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/3548-1-0x0000000001080000-0x0000000001082000-memory.dmp

Filesize
8KB

Download
memory/3548-2-0x0000000001090000-0x0000000001091000-memory.dmp

Filesize
4KB

Download
memory/3548-3-0x0000000001160000-0x0000000001161000-memory.dmp

Filesize
4KB

Download
memory/3548-4-0x0000000001180000-0x0000000001181000-memory.dmp

Filesize
4KB

Download
memory/3548-5-0x0000000001190000-0x0000000001191000-memory.dmp

Filesize
4KB

Download
memory/3548-7-0x0000000001BB0000-0x0000000001BB1000-memory.dmp

Filesize
4KB

Download
memory/3548-6-0x0000000001B40000-0x0000000001B41000-memory.dmp

Filesize
4KB

Download
memory/3548-8-0x0000000001BC0000-0x0000000001BC1000-memory.dmp

Filesize
4KB

Download
memory/3548-10-0x0000000001BE0000-0x0000000001BE1000-memory.dmp

Filesize
4KB

Download
memory/3548-9-0x0000000001BD0000-0x0000000001BD1000-memory.dmp

Filesize
4KB

Download
memory/3548-11-0x0000000001BF0000-0x0000000001BF1000-memory.dmp

Filesize
4KB

Download
memory/3548-12-0x0000000003790000-0x0000000003791000-memory.dmp

Filesize
4KB

Download
memory/3548-13-0x00000000037A0000-0x00000000037A1000-memory.dmp

Filesize
4KB

Download
memory/3548-14-0x0000000001B90000-0x0000000001B92000-memory.dmp

Filesize
8KB

Download
memory/3548-15-0x00000000037E0000-0x00000000037E1000-memory.dmp

Filesize
4KB

Download
memory/3548-16-0x0000000003800000-0x0000000003801000-memory.dmp

Filesize
4KB

Download
memory/3548-17-0x0000000003810000-0x0000000003811000-memory.dmp

Filesize
4KB

Download
memory/3548-18-0x0000000003820000-0x0000000003821000-memory.dmp

Filesize
4KB

Download
memory/3548-19-0x0000000003830000-0x0000000003831000-memory.dmp

Filesize
4KB

Download
memory/3548-20-0x0000000003850000-0x0000000003851000-memory.dmp

Filesize
4KB

Download
memory/3548-21-0x0000000001B30000-0x0000000001B31000-memory.dmp

Filesize
4KB

Download
memory/3548-23-0x00000000037B0000-0x00000000037DC000-memory.dmp

Filesize
176KB

Download
memory/3548-22-0x0000000001BA0000-0x0000000001BA1000-memory.dmp

Filesize
4KB

Download
memory/3548-24-0x00000000037F0000-0x00000000037F1000-memory.dmp

Filesize
4KB

Download
memory/3548-31-0x0000000004450000-0x0000000004451000-memory.dmp

Filesize
4KB

Download
memory/3548-30-0x0000000003BA0000-0x0000000003BA1000-memory.dmp

Filesize
4KB

Download
memory/3548-28-0x0000000003BB0000-0x0000000003BB1000-memory.dmp

Filesize
4KB

Download
memory/3548-26-0x0000000003840000-0x0000000003841000-memory.dmp

Filesize
4KB

Download
memory/3548-47-0x00000000044D0000-0x00000000044D1000-memory.dmp

Filesize
4KB

Download