Analysis
-
max time kernel
149s -
max time network
135s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
25-01-2024 17:32
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
General
-
Target
tmp.exe
-
Size
301KB
-
MD5
d7e07baf23641fa08a4067ca07ea4b4d
-
SHA1
eda4e790cde8b30cb46558b94415e4a916f56e78
-
SHA256
c7cbef34bbc2ae01c9131646954a2fec8ab6f7cbd70ee2d92eada6796884e1b8
-
SHA512
ffc65c88345d482bbfe100f8ca804b4470dedab81c580873e5134872d41aa74c9bb11c3978165b0f62e275b2c95f2c158f02222d02e64f7e794bc157699f89a5
-
SSDEEP
6144:HhjGvEehzo1urn+utlHJ3hfcAOqGJF/p/uwONct43j92UysA:H12Eehzo1uDkf9pGHNu4B2UW
Score
6/10
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\E: tmp.exe File opened (read-only) \??\H: tmp.exe File opened (read-only) \??\I: tmp.exe File opened (read-only) \??\K: tmp.exe File opened (read-only) \??\Y: tmp.exe File opened (read-only) \??\Z: tmp.exe File opened (read-only) \??\J: tmp.exe File opened (read-only) \??\N: tmp.exe File opened (read-only) \??\O: tmp.exe File opened (read-only) \??\P: tmp.exe File opened (read-only) \??\S: tmp.exe File opened (read-only) \??\X: tmp.exe File opened (read-only) \??\L: tmp.exe File opened (read-only) \??\M: tmp.exe File opened (read-only) \??\Q: tmp.exe File opened (read-only) \??\T: tmp.exe File opened (read-only) \??\V: tmp.exe File opened (read-only) \??\B: tmp.exe File opened (read-only) \??\G: tmp.exe File opened (read-only) \??\R: tmp.exe File opened (read-only) \??\U: tmp.exe File opened (read-only) \??\W: tmp.exe -
Suspicious behavior: EnumeratesProcesses 49 IoCs
pid Process 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe 1572 tmp.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
pid Process 1572 tmp.exe 1572 tmp.exe