8df3d3ed6875932be1c80b67d11f05f3d85260d4399fa6d9b6d36806955adb4e

Analysis

max time kernel
22s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54651254208d18cd5567ce9f562936fb.exe
Size

228KB
MD5

54651254208d18cd5567ce9f562936fb
SHA1

6fca7f77ff8235dc481fae1b3b53eab820825b1b
SHA256

8df3d3ed6875932be1c80b67d11f05f3d85260d4399fa6d9b6d36806955adb4e
SHA512

c70491ff1615a30a5c2b5773ca9ed6cdf8e6dc49558666aa36500c371c9e52b17093c6b9d05b301aa6bdf6794b864ad7654b003a7cad375338fa2e19ede4c695
SSDEEP

6144:7n53PFKs7H4p7+8EqxF6snji81RUinK6:T1Phu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2396	54651254208d18cd5567ce9f562936fb.exe

C:\Users\Admin\AppData\Local\Temp\54651254208d18cd5567ce9f562936fb.exe
"C:\Users\Admin\AppData\Local\Temp\54651254208d18cd5567ce9f562936fb.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2396
- C:\Users\Admin\soaamu.exe
  "C:\Users\Admin\soaamu.exe"
  2⤵
  PID:1316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\soaamu.exe

Filesize
92KB

MD5
a8d3c2fa0e1817e3e44db34c8eea6ca2

SHA1
cdf1e0163f707b06fa15f31733fd01d47adcdae6

SHA256
e8c809a66f20af8aa0e8d4f86ca889d11749798ccf1de95ac71adef806df79d7

SHA512
7c25bac2d5a6479eba1ca6708931880ebc5f6d7444372ed2d4c5ee7189af29a833127fe906650f6a2d88c06020d3cac20bbd1112f19683b537c06b9c4126ec67

Download Submit