4eddc7c2c1367ed711e9cfbac157da17f367eb79aba53c80cf0c1160a8754e13

Analysis

max time kernel
144s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 08:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

487b6e0888cf7ffe935d73f418d38dcb.exe
Size

306KB
MD5

487b6e0888cf7ffe935d73f418d38dcb
SHA1

b9a150d660808d1e2abefd7417b671e97510dd3d
SHA256

4eddc7c2c1367ed711e9cfbac157da17f367eb79aba53c80cf0c1160a8754e13
SHA512

5c0d48fa47526a41902cc8cbbd35b507235c9c8de854d1cae4d4872e009f7b4bd2091b5b986d17d147fd3a195c2e1484f863e664aae4e274eb142a6dcd258a5f
SSDEEP

6144:21XlKgzelZNQSBQGH/CSpWqTaUjD5cmQ:2UfBQGH6SfuUjD51Q

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\H:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\I:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\J:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\K:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\M:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\G:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\L:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\N:	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened (read-only)	\??\O:	487b6e0888cf7ffe935d73f418d38dcb.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX4AF5.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX4B06.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\7-Zip\7z.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX4B17.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\crashreporter.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX49F2.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A9C.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Internet Explorer\ielowutil.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\RCX4B9D.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\RCX4C06.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Microsoft Office\Office16\RCX4BC0.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\7-Zip\7zFM.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX4BE4.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX4B29.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Java\jre-1.8\bin\java-rmi.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\RCX4BAE.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Microsoft Office\Office16\OSPPREARM.EXE	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX4BD0.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A66.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A67.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Internet Explorer\ieinstal.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\RCX4B5B.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX4BD1.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX49E1.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\RCX4B4A.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\uninstall\RCX4BF4.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX4BE3.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\readme.1xt	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\RCX4A27.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX4A8B.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX4AE3.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\extcheck.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX49F3.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\dotnet\dotnet.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	487b6e0888cf7ffe935d73f418d38dcb.exe
File created	C:\Program Files\Java\jdk-1.8\bin\appletviewer.cab	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX4BD2.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\7-Zip\RCX49CF.tmp	487b6e0888cf7ffe935d73f418d38dcb.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome.cab	487b6e0888cf7ffe935d73f418d38dcb.exe

C:\Users\Admin\AppData\Local\Temp\487b6e0888cf7ffe935d73f418d38dcb.exe
"C:\Users\Admin\AppData\Local\Temp\487b6e0888cf7ffe935d73f418d38dcb.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
PID:4192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
162KB

MD5
b751bcf91aa2207d431d923154639496

SHA1
4da1a459512328c761cdb27a2f69ba062b4fcd30

SHA256
b04997bfe3c84aba419d521440e03a6b3552f791249167a393a3608b185b1d0c

SHA512
fb159b80671c965c58f4525a37f3bfe1cd045fd2728dff0cc6e068271b86d47621e9042eb852e915ef489e5a1e1b59a19c4366cd6fc847188bd4d7368ff29a99

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
92KB

MD5
b3dff4b999b6750eef02804fc68d7ce4

SHA1
1cec9498f32e7cd32b7e014884d08add9cd9165e

SHA256
5d9d507ba97e86ae5d285ba90e7d7ae6773c25ef1028bf5bf62969e7e65a4a2c

SHA512
0265be2d707ccc974b09bff039b88115eb4c294b05667d2e4fbc788e32f8a163ac9e834bdbe3e3fdf82858c8f25efe85fb9e5f7ba95e312c6467641ea90b4186

Download Submit
C:\Program Files\7-Zip\7zFM.cab

Filesize
446KB

MD5
8896806e7e18ed24b1a83a3a893e7d3c

SHA1
e5956dcc3234f5bb4a0140d0d0edb81d8379b63f

SHA256
e7ffb29d2c10ebbe213f7912e206e23b766bdce2902f0ec0d5a795456d8dceb7

SHA512
54b38f18c24d935451bb92a94be0d5f7a64e1ab17621cf956a18cb1a3c1b66eb29789fda50b5be9fd5714147eda0aee39ee098db7f375f7f8bcca914aa510e73

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\RCX49E0.tmp

Filesize
236KB

MD5
0d8626ee0ae4d13506e3d53ec0382a54

SHA1
d4b055a326e93ed47934bdcbd11eb7850e691411

SHA256
777bef9869479af587c36dced9cb7fb97e1dbc2b751c5c03c6bea4d70c192693

SHA512
20c71c105d11878dcad6e646f64c7cbefbf134681292188b2e6774a36774c57248b9a45e8b76459545112aaa672e22af2f7b44e78b8ea712ddcc2e78b585d14a

Download Submit