Analysis
max time kernel: 151s
max time network: 153s
platform: windows10-2004_x64
resource: win10v2004-20231215-en
resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted: 18/01/2024, 16:36

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: 658298ac8ffa11c30f75c78a12c16290.exe
Resource: win7-20231215-en
6 signatures, 150 seconds

Behavioral task: behavioral2
Sample: 658298ac8ffa11c30f75c78a12c16290.exe
Resource: win10v2004-20231215-en
4 signatures, 150 seconds
General
Target: 658298ac8ffa11c30f75c78a12c16290.exe
Size: 418KB
MD5: 658298ac8ffa11c30f75c78a12c16290
SHA1: 6767b66952134e86355d60e8ae23ccf872a7fcb8
SHA256: f4d5e1628a72fe10c8dfe8f7860d15d65fec026647bb1993162d227a9f7c4736
SHA512: 6c9c23224dca7face04cf31efa8d2347f875356b1a438982f7ba268534941500dd8558509e6805a21254e9a72a4caae143b8aa0a3c5cef8e8d1edd157803507e
SSDEEP: 12288:UJ1BIyL8J/vvFVtcOOc3G/NdWxCS3G4EnaT9jgiy:ULk/ZSWxCS24EnaTJg
Score: 7/10
Malware Config
Signatures
-
Drops startup file (1 IoC)
description: File created
ioc: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnk
process: 658298ac8ffa11c30f75c78a12c16290.exe
-
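The Startup-folder drop is the only persistence indicator this report records, so the check a defender wants is one that turns that single observation into a rule over file-create telemetry. The Python below is an added example written for this page; it is not part of the sandbox report and not code from the sample. It classifies file-create events (constructed here in a Sysmon Event ID 11-like shape: creating process image, pid, target filename) that land in a per-user or all-users Startup folder, ranks them by whether the dropped file is something Explorer will execute at logon and whether the writer is a known installer, and returns findings as dicts. The event records, the creating-process path for the sample, and the installer allow-list are assumptions for illustration, not values from the report.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Per-user and all-users Startup folders on Windows 7 and later. Matching is
# case-insensitive and accepts any user name: the sandbox user ("Admin") is
# not what a production host will show.
STARTUP_PATTERNS = [
    re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\roaming\\microsoft\\windows"
               r"\\start menu\\programs\\startup\\", re.I),
    re.compile(r"^[a-z]:\\programdata\\microsoft\\windows"
               r"\\start menu\\programs\\startup\\", re.I),
]

# File types Explorer runs (or that launch something else) when it processes
# the Startup folder at logon. A .lnk counts: its target is what actually runs.
EXECUTABLE_EXTENSIONS = {".lnk", ".exe", ".bat", ".cmd", ".vbs", ".js",
                         ".wsf", ".hta", ".ps1", ".scr", ".url"}

# Assumed allow-list of processes that legitimately populate Startup; tune per fleet.
KNOWN_INSTALLERS = {"msiexec.exe", "setup.exe"}


@dataclass
class FileCreateEvent:
    image: str            # full path of the creating process
    pid: int
    target_filename: str  # full path of the file that was created


def is_startup_path(path: str) -> bool:
    """True if the path is inside a user or all-users Startup folder."""
    return any(p.match(path) for p in STARTUP_PATTERNS)


def extension_of(path: str) -> str:
    """Lower-cased extension of the final path component, or '' if none."""
    name = path.rsplit("\\", 1)[-1]
    return name[name.rfind("."):].lower() if "." in name else ""


def classify(event: FileCreateEvent) -> Optional[dict]:
    """Return a finding for a Startup-folder write, None for anything else."""
    if not is_startup_path(event.target_filename):
        return None
    proc = event.image.rsplit("\\", 1)[-1].lower()
    ext = extension_of(event.target_filename)
    if ext not in EXECUTABLE_EXTENSIONS:
        severity = "low"        # e.g. desktop.ini; log it, do not page on it
    elif proc in KNOWN_INSTALLERS:
        severity = "medium"     # expected writer, still worth a look
    else:
        severity = "high"       # unknown process planting an executable item
    return {"severity": severity, "pid": event.pid, "process": proc,
            "dropped": event.target_filename, "extension": ext}


def scan(events: List[FileCreateEvent]) -> List[dict]:
    """Run classify() over a batch and keep only the Startup-folder findings."""
    return [f for f in (classify(e) for e in events) if f is not None]


# Constructed sample events (not taken from the report). The first mirrors the
# report's IoC; its creating-process path is assumed, the report gives only the name.
SAMPLE_EVENTS = [
    FileCreateEvent(
        image=r"C:\Users\Admin\AppData\Local\Temp\658298ac8ffa11c30f75c78a12c16290.exe",
        pid=924,
        target_filename=r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\exe.lnk"),
    FileCreateEvent(
        image=r"C:\Windows\System32\msiexec.exe", pid=4120,
        target_filename=r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Vendor Agent.lnk"),
    FileCreateEvent(
        image=r"C:\Windows\explorer.exe", pid=3000,
        target_filename=r"C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini"),
    FileCreateEvent(
        image=r"C:\Users\Admin\Downloads\tool.exe", pid=5555,
        target_filename=r"C:\Users\Admin\Documents\notes.txt"),
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding)
```

Two caveats when applying this. The report shows the .lnk being created but not what it points to, so on a live host resolve the shortcut before deciding what to block, for example with `(New-Object -ComObject WScript.Shell).CreateShortcut($path).TargetPath` in PowerShell. And a file-create rule only catches this one persistence path; the same sample could just as easily have used a Run key, which this check does not see.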
Legitimate hosting services abused for malware hosting/C2 (1 TTP)
-
Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses (64 IoCs)
pid: 924
process: 658298ac8ffa11c30f75c78a12c16290.exe
(all 64 entries record the same pid and process)