c61fdf7c41cb0ee0971472151c321e31256c347872328a6969ae4a828bfebe28

Analysis

max time kernel
5s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 18:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e1e979bd3c1baf17dc9ecd4456f32d0.exe
Size

88KB
MD5

4e1e979bd3c1baf17dc9ecd4456f32d0
SHA1

fb8b5b0c2f8ca3d5c0bfcc87035a7d5ad1c252f1
SHA256

c61fdf7c41cb0ee0971472151c321e31256c347872328a6969ae4a828bfebe28
SHA512

b86b654b772c5f3d7a08b056ce4cc071a1623ac7455f89fcf3b12b8a6b42b32ae2b0f74ed8c0af7714387da1b6a07d3e43c0d92573e800153d9bea8c0cd80030
SSDEEP

768:Tupxbzik8wmsGaxFIkud+e9WigswDUMKiFIk6chisiOeGHRNZ1RXMNPYn6lFFgzO:GmkFy0BzZ10XYVM+Zx9sa1S5dn

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1768	4e1e979bd3c1baf17dc9ecd4456f32d0.exe

C:\Users\Admin\AppData\Local\Temp\4e1e979bd3c1baf17dc9ecd4456f32d0.exe
"C:\Users\Admin\AppData\Local\Temp\4e1e979bd3c1baf17dc9ecd4456f32d0.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1768
- C:\Users\Admin\trdoz.exe
  "C:\Users\Admin\trdoz.exe"
  2⤵
  PID:4804

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\trdoz.exe

Filesize
4KB

MD5
bcff4a52df16e46510deade6a7a83a87

SHA1
fa389fd16692d8db3000abb1492536d3b676e8d7

SHA256
dadabfcd47bfef572695ca0d1313828383d64e9fe7285375a178e3880cc8e66d

SHA512
5acb639f31d09217da4cf0e085463e233cdeb413518a292954eeeda89ab6ec2d7e2d681fa35fedbde5247e58fb37adefa8c936da55c326d879e6593760343f39

Download Submit
C:\Users\Admin\trdoz.exe

Filesize
39KB

MD5
7a9bd3efccd67f7ba39e1c0cdd4b97dc

SHA1
4aeed838bf1b56bd9d84b9179d926d93b9567576

SHA256
7c8673a21943f4d104f3feecd12ee44683db659e388410d3d8171a9677065e13

SHA512
768148e6cf44c31d8e712bd166ca8a899c5d2c2a8cf0b5fa6e6b497949930f685a4d6f89ab77b58d12446b4e050de1541ce13111e601a7cab8777ab41e14b2d2

Download Submit
C:\Users\Admin\trdoz.exe

Filesize
88KB

MD5
2fb8abff022d3a0c44683e53fac65c22

SHA1
727dfef2c6193c8151fca93cf9cd0514c35b1397

SHA256
d43aa9c422cf134c69d4c56dd9b7b705dae8ad8af99ab323e3c1e8e07236b4d6

SHA512
6b1a28529e6375a0ec4328a7bf0e2a297082b4001021928c4441a2c06f74d97f9b6d055f240af9e045145e5e26009f2ff1ac460e918fda7336f2c881a647d3a5

Download Submit