c79fd41a5d970f8fd42fa4ca8371792a8affc52795f4448163a15c6e41999736

Analysis

max time kernel
143s
max time network
109s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09-01-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4d2458929218783c611d4b9b6a4fa50d.exe
Size

68KB
MD5

4d2458929218783c611d4b9b6a4fa50d
SHA1

183105912e7dd7ea0db57967dbb546cc04739afe
SHA256

c79fd41a5d970f8fd42fa4ca8371792a8affc52795f4448163a15c6e41999736
SHA512

3d95171be645bef43bb038c515e3f8b4c369a2fbe1f605dfeb2ea318a564143b4d91a7a782863a9eea9029f34e4c2fc5c6ec55e780f4df2171bd7fcb80f03423
SSDEEP

1536:AhFkDYuu9DNy/Ubp5G8YxjFUeIRZrSkSMQF:Dsuuny/I3Qj6fxShpF

Score

6^/10

Malware Config

Signatures

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	4d2458929218783c611d4b9b6a4fa50d.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	4d2458929218783c611d4b9b6a4fa50d.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4880	4d2458929218783c611d4b9b6a4fa50d.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 3744	4880	4d2458929218783c611d4b9b6a4fa50d.exe	14
PID 4880 wrote to memory of 3744	4880	4d2458929218783c611d4b9b6a4fa50d.exe	14
PID 4880 wrote to memory of 3744	4880	4d2458929218783c611d4b9b6a4fa50d.exe	14

C:\Users\Admin\AppData\Local\Temp\4d2458929218783c611d4b9b6a4fa50d.exe
"C:\Users\Admin\AppData\Local\Temp\4d2458929218783c611d4b9b6a4fa50d.exe"
1⤵
- Maps connected drives based on registry
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Users\Admin\AppData\Local\Temp\4d2458929218783c611d4b9b6a4fa50d.exe
  C:\Users\Admin\AppData\Local\Temp\4d2458929218783c611d4b9b6a4fa50d.exe
  2⤵
  PID:3744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads