3b9e7c12e6b9f447387a7c520b83c4fdac0d5b2c70d17a17b9f32a01618d1e87

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19-01-2024 06:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1643.exe
Size

2.3MB
MD5

fa953f1353d548ddf0eac62cb2a6495d
SHA1

6c64c657afc0da84865c5e01a6bfdd4c9d8bc50c
SHA256

f757cf1dce7bc4fac85dffda860cf10ef7bd90cf9699497e53d181251eb1aa17
SHA512

1c34844436ceceb2a11f0ae2974b3e5b7e4446e67c05ad8a96fe94c8f8bf70a75759091ff870ebfccc7f63d208a70095eeecd317ca583c7bd9f21f40d57dc5c7
SSDEEP

24576:Zelo5jh+9b8SL1lAdL5+FPI3YqOcHQSFablTmVf3xquGjHneFUJfKu+hM6:0l+h+1qs0Y/BTmSuGjHnevugM6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2940	1643.exe

C:\Users\Admin\AppData\Local\Temp\1643.exe
"C:\Users\Admin\AppData\Local\Temp\1643.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2940-0-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2940-1-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/2940-3-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download