8764e63ba0ca5ccdb856dbd7b58035cb956feb71f1b0ce112b106692f3cfe804

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 06:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

797928f1509074c5affd6f6082a1a37a.exe
Size

1.2MB
MD5

797928f1509074c5affd6f6082a1a37a
SHA1

09538046e9bb4c77145d15279a32c5f3b056d5b6
SHA256

8764e63ba0ca5ccdb856dbd7b58035cb956feb71f1b0ce112b106692f3cfe804
SHA512

68ebeee5c93f96bb0237baa3becd4cfc10af0cb87d387cb7f4c850f58c8535e36b67286209e93d01f8e7979bead95e5103cfc583483cc0e21ab7b2d0976c69e9
SSDEEP

12288:opuXukhvhpjVwMQE3+5kWnokZAXR0qcjfwy0sQvXKvFZACED0G:oQXbvj2Mv3+5gkZA+qcbwLsQPMED

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1208	DllHost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2060	797928f1509074c5affd6f6082a1a37a.exe
2060	797928f1509074c5affd6f6082a1a37a.exe

C:\Users\Admin\AppData\Local\Temp\797928f1509074c5affd6f6082a1a37a.exe
"C:\Users\Admin\AppData\Local\Temp\797928f1509074c5affd6f6082a1a37a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:1208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\1.jpg

Filesize
2KB

MD5
ba55c660e79ae4961efb630e3f9f5750

SHA1
cda6e8d1bd9c7a1e37bee70e880cc64101c52524

SHA256
9f6b154e65fce86b6aacfd600e8f63f087c68dee1f9f95e45d547b3d58e15cc7

SHA512
7df75f5b9b4bb3618188ad7c42b607c59e731df3bddabd57c6f2393bd0087252f5b5985f2ea15fe151d9e93e0c319c8b181e34bae8c9a6a48fcc12551022bf9d

Download Submit
memory/1208-3-0x00000000001A0000-0x00000000001A2000-memory.dmp

Filesize
8KB

Download
memory/1208-5-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/1208-8-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2060-0-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download
memory/2060-2-0x0000000002450000-0x0000000002452000-memory.dmp

Filesize
8KB

Download
memory/2060-7-0x0000000000400000-0x000000000052B000-memory.dmp

Filesize
1.2MB

Download