16e6c1ef77940ba4d578f532bd502684652a43c1308bbc1069c4f477164c34f3

Analysis

max time kernel
3s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54175a6d9a052407f244924420d2309a.exe
Size

88KB
MD5

54175a6d9a052407f244924420d2309a
SHA1

3863b1ae5d27c3f28457994785ea963f7a3d8e09
SHA256

16e6c1ef77940ba4d578f532bd502684652a43c1308bbc1069c4f477164c34f3
SHA512

f8fe4adfa2394d26345b582d09824490974f25ef8944f83d65256a5af3f55d0bbadef4ae1ef9694161d78bc8af17b711ed045255b38e4066c07272031da88a14
SSDEEP

1536:IuJ5IQ/JDHKa5EJWceYljNZQjvDmNmoGp:nnI8DHKu8lz4NoGp

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4224	54175a6d9a052407f244924420d2309a.exe

C:\Users\Admin\AppData\Local\Temp\54175a6d9a052407f244924420d2309a.exe
"C:\Users\Admin\AppData\Local\Temp\54175a6d9a052407f244924420d2309a.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4224
- C:\Users\Admin\heepui.exe
  "C:\Users\Admin\heepui.exe"
  2⤵
  PID:5048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\heepui.exe

Filesize
88KB

MD5
9b014fb41d12518905373e23a8977e24

SHA1
bf654af8b09f80117f1a299dea205783d972d2ca

SHA256
6f0c67afcacaec0d617de6cce3fb4b6ed2a365045a9ba02c967c5fbb1a3c5ce6

SHA512
1b1ff25b8e045ce79b121489ecf26ec5f15e992cf49cda8dbbeeb7dbad74575abf62fbdc43b186ae6b71793288d6708d0ddd325ffd4e17b6871aa8a5f9b1d6fd

Download Submit