Analysis
-
max time kernel
149s -
max time network
137s -
platform
windows10-2004_x64 -
resource
win10v2004-20231215-en -
resource tags
arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system -
submitted
25-01-2024 17:32
Static task
static1
Behavioral task
behavioral1
Sample
tmp.exe
Resource
win7-20231215-en
windows7-x64
3 signatures
150 seconds
General
-
Target
tmp.exe
-
Size
301KB
-
MD5
d7e07baf23641fa08a4067ca07ea4b4d
-
SHA1
eda4e790cde8b30cb46558b94415e4a916f56e78
-
SHA256
c7cbef34bbc2ae01c9131646954a2fec8ab6f7cbd70ee2d92eada6796884e1b8
-
SHA512
ffc65c88345d482bbfe100f8ca804b4470dedab81c580873e5134872d41aa74c9bb11c3978165b0f62e275b2c95f2c158f02222d02e64f7e794bc157699f89a5
-
SSDEEP
6144:HhjGvEehzo1urn+utlHJ3hfcAOqGJF/p/uwONct43j92UysA:H12Eehzo1uDkf9pGHNu4B2UW
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 22 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
tmp.exedescription ioc Process File opened (read-only) \??\B: tmp.exe File opened (read-only) \??\K: tmp.exe File opened (read-only) \??\V: tmp.exe File opened (read-only) \??\Y: tmp.exe File opened (read-only) \??\M: tmp.exe File opened (read-only) \??\P: tmp.exe File opened (read-only) \??\W: tmp.exe File opened (read-only) \??\O: tmp.exe File opened (read-only) \??\Q: tmp.exe File opened (read-only) \??\R: tmp.exe File opened (read-only) \??\T: tmp.exe File opened (read-only) \??\I: tmp.exe File opened (read-only) \??\J: tmp.exe File opened (read-only) \??\L: tmp.exe File opened (read-only) \??\N: tmp.exe File opened (read-only) \??\U: tmp.exe File opened (read-only) \??\X: tmp.exe File opened (read-only) \??\Z: tmp.exe File opened (read-only) \??\E: tmp.exe File opened (read-only) \??\G: tmp.exe File opened (read-only) \??\H: tmp.exe File opened (read-only) \??\S: tmp.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes:
tmp.exepid Process 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe 3048 tmp.exe -
Suspicious use of SetWindowsHookEx 2 IoCs
Processes:
tmp.exepid Process 3048 tmp.exe 3048 tmp.exe