528505be294869c1902dafa8845ef1acf22911d11520a2dd14c41fed94a57dbc

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 13:23

Target

LicGen.exe
Size

330KB
MD5

5f9663fa1e1eeecaa9341d0f96f36800
SHA1

cd7748af85e0b94b4b4f413c9c31dd7e7dff3778
SHA256

528505be294869c1902dafa8845ef1acf22911d11520a2dd14c41fed94a57dbc
SHA512

cde8fdccb9de3521373fcde2b999b61fd84eb9078afbe55e86279a41ada220f1013f4311018de3e336bb4344b1878f484e0e4e00a8521f61fc023dd93ba98cbe
SSDEEP

6144:fiOCm8pFhrZGNhikf2MpP0zfNCxxiDoAn0fnI8ZHCaTpWPapoSK1:fqm8pFhZGHikfuN2xi0Y0fnbpCasioSS

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	LicGen.exe
Key created	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	LicGen.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4296	LicGen.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/4296-0-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-1-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4296-2-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-4-0x0000000000B30000-0x0000000000B31000-memory.dmp

Filesize
4KB

Download
memory/4296-5-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-6-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-8-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-9-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-10-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-11-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-15-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download
memory/4296-16-0x0000000000400000-0x00000000004DB000-memory.dmp

Filesize
876KB

Download