e40bcc75bab3892dbe551e6840a93b8af8b68f0e26848eaa53b0817b3389203a

Analysis

max time kernel
127s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 20:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

547683032913006c2fed412913d847fc.exe
Size

780KB
MD5

547683032913006c2fed412913d847fc
SHA1

d54a868e82a609a3cc7fe1b492b69daa1d44f3a4
SHA256

e40bcc75bab3892dbe551e6840a93b8af8b68f0e26848eaa53b0817b3389203a
SHA512

deb33fa3bf850ad2e857067caa77eeba934a4e9c0514658ae0b86750a6c1133b117823aaf3d2198b7a54a1019265538a8ccbb9e50ece66e32872084fd1e1e904
SSDEEP

6144:Z7BttqhuDTxtsFYndI8rf2I+F5ze0PTCw7E4HMk1DXUqfaT1YViGTWja+k4HMMx:BBjDTxm8dIPze0Pd9Y8ym+7

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	547683032913006c2fed412913d847fc.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
2720	547683032913006c2fed412913d847fc.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe
2720	547683032913006c2fed412913d847fc.exe

C:\Users\Admin\AppData\Local\Temp\547683032913006c2fed412913d847fc.exe
"C:\Users\Admin\AppData\Local\Temp\547683032913006c2fed412913d847fc.exe"
1⤵
- Enumerates connected drives
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads