Analysis
-
max time kernel
117s -
max time network
143s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
26/01/2024, 23:35
General
-
Target
78af6991d8deb6c9ad2c512d401d0d93.exe
-
Size
92KB
-
MD5
78af6991d8deb6c9ad2c512d401d0d93
-
SHA1
eeb07a4b19061909174ac8833399788da5f23463
-
SHA256
e452aa97d4dc12089f8ea55b3ce39a44b7b308a52b3ec7371e79f17551667746
-
SHA512
3c687d662d1f46f86cf704ee3ede0e0d6a0fa18ba17433cdde20909fe9e42cb56eb0dfaca83e295688a9301de3401956214ea4ff017509015fd01b46e9a7c3cc
-
SSDEEP
1536:j6OPg+vOxt0c5hfHP1qlmv60lHj4UraTPVPSPkP4PjPAkbohaWdV7lObdEZxHwAY:LP7A0c5Olmv60l3LbohaMAuwiNCP7r
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\78af6991d8deb6c9ad2c512d401d0d93.exe"C:\Users\Admin\AppData\Local\Temp\78af6991d8deb6c9ad2c512d401d0d93.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\teesol.exe"C:\Users\Admin\teesol.exe"2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
92KB
MD560b3f0480d441b09d34bf1af1f50950b
SHA1d062d9e728f7841b7bb15970af9e7ea4c92bd2ee
SHA25637efeaa2a09768a0f2a5343b05098f5ca83876ed03dc9857e835e41b5c4178b4
SHA51278c01054939d41335a2c87a86284a16ca2971b4c43a9029e308f23d8805580ee42f4c3ba1720e50d4a133b6c7ae157105d0a331d2881e9c7ac22d84a1f8cac3b