654c2a5cbc8d15687b03083418f7cf871ec250aa0e048ff07a65adb88bae3aef

Analysis

max time kernel
186s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4f2a46d37a49c4c133bb21020f53ec76.exe
Size

110KB
MD5

4f2a46d37a49c4c133bb21020f53ec76
SHA1

2a9d6a8ce80c145c6a46a4abeb37c09cdbbea7fa
SHA256

654c2a5cbc8d15687b03083418f7cf871ec250aa0e048ff07a65adb88bae3aef
SHA512

0867d0e5affbb4c44fcd4f52ae5559b75e31a36c6123d99af68c190988ae04052d6f103c48b20c404c11e5c5e0499ddb2ec22995ab06bbd9b51238dedce278df
SSDEEP

3072:AzW7GpD9VaPB7C/cfca1sMuf1/Dq42tOBNsYr94NW7:4W7MD92B7C/cfcaeMuhq8prAW

Score

5^/10

Malware Config

Signatures

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\4f2a46d37a49c4c133bb21020f53ec76.exe	4f2a46d37a49c4c133bb21020f53ec76.exe

Drops file in Program Files directory 20 IoCs

description	ioc	Process
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTI.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGEPACKAGES.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.PPT	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.PPT	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.DOC	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\SAMPLES\SOLVSAMP.XLS	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\UNPUBLISHMOUNT.XLS	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\CLASSFILE_CONSTANTS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JAWT.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLBACKS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JAWT_MD.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\JNI_MD.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.DOC	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JDWPTRANSPORT.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JNI.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.C	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\WIN32\BRIDGE\ACCESSBRIDGECALLS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLN.XLS	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\JAVA\JDK-1.8\INCLUDE\JVMTICMLR.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\PROGRAM FILES\MICROSOFT OFFICE\ROOT\OFFICE16\1033\PROTTPLV.XLS	4f2a46d37a49c4c133bb21020f53ec76.exe

Drops file in Windows directory 32 IoCs

description	ioc	Process
File created	C:\WINDOWS\INF\LSM\LAGCOUNTERDEF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\SERVICEMODELOPERATION 3.0.0.0\_SERVICEMODELOPERATIONPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\TAPISRV\PERFCTR.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\TERMSERVICE\TSLABELS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\UGATHERER\GSRVCTR.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\WMIAPRPL\WMIAPRPL.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_PERF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET CLR NETWORKING\_NETWORKINGPERFCOUNTERS_V2.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\RDYBOOST\READYBOOSTPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\REMOTEACCESS\RASCTRNM.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\SMSVCHOST 4.0.0.0\_SMSVCHOSTPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V2.0.50727\ASPNET_STATE_PERF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NETFRAMEWORK\CORPERFMONSYMBOLS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\USBHUB\USBPERFSYM.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_PERF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\MSDTC\MSDTCPRF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\UGTHRSVC\GTHRCTR.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\WSEARCHIDXPI\IDXCNTRS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\SERVICEMODELENDPOINT 3.0.0.0\_SERVICEMODELENDPOINTPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\MSDTC BRIDGE 3.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\SERVICEMODELSERVICE 3.0.0.0\_SERVICEMODELSERVICEPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\SMSVCHOST 3.0.0.0\_SMSVCHOSTPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 4.0.0.0\PERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET DATA PROVIDER FOR SQLSERVER\_DATAPERFCOUNTERS_SHARED12_NEUTRAL.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET DATA PROVIDER FOR ORACLE\_DATAORACLECLIENTPERFCOUNTERS_SHARED12_NEUTRAL.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET MEMORY CACHE 4.0\NETMEMORYCACHE.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\MSDTC BRIDGE 4.0.0.0\_TRANSACTIONBRIDGEPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET CLR DATA\_DATAPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File opened for modification	C:\WINDOWS\INF\WINDOWS WORKFLOW FOUNDATION 3.0.0.0\PERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V4.0.30319\ASPNET_STATE_PERF.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\.NET CLR NETWORKING 4.0.0.0\_NETWORKINGPERFCOUNTERS.H	4f2a46d37a49c4c133bb21020f53ec76.exe
File created	C:\WINDOWS\INF\BITS\BITSCTR.H	4f2a46d37a49c4c133bb21020f53ec76.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-635608581-3370340891-292606865-1000_Classes\Local Settings	4f2a46d37a49c4c133bb21020f53ec76.exe

C:\Users\Admin\AppData\Local\Temp\4f2a46d37a49c4c133bb21020f53ec76.exe
"C:\Users\Admin\AppData\Local\Temp\4f2a46d37a49c4c133bb21020f53ec76.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
PID:3748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3748-0-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/3748-3-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-4-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-5-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-6-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/3748-8-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-9-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-10-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-12-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-13-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-14-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-15-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-17-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-18-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/3748-19-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download