Analysis
-
max time kernel
122s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20231222-en -
resource tags
-
submitted
28/01/2024, 03:32
General
-
Target
7c08913f28e61d4e87b5f2bfde7780e4.exe
-
Size
70KB
-
MD5
7c08913f28e61d4e87b5f2bfde7780e4
-
SHA1
4a031c30ba68cae93e15e01ed87a105d08b6e4e3
-
SHA256
13c2774c0be72fde65990a8103ff941bdd14e223e207e72dfa37c7d3238792a7
-
SHA512
66f05bd0b12f15853f49c4d6afe346a715f9e70e4a4e6af7795af16a231fce574bd58554c3931b98e087d448ac1a765301f473bd28e37b10ec236dd647f32f7b
-
SSDEEP
768:db8ysuYQGbP8V09JZfth/gVcS+2yQ0dBSsFxQIb4mnnbTu8avuaT3TwnjcrUJnd3:poAufQuPnnb63vl3TwXJndzk6H
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Windows directory 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7c08913f28e61d4e87b5f2bfde7780e4.exe"C:\Users\Admin\AppData\Local\Temp\7c08913f28e61d4e87b5f2bfde7780e4.exe"1⤵
- Adds Run key to start application
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\rund1132.exeC:\Windows\rund1132.exe "KILLQQ"2⤵
- Executes dropped EXE
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
70KB
MD57c08913f28e61d4e87b5f2bfde7780e4
SHA14a031c30ba68cae93e15e01ed87a105d08b6e4e3
SHA25613c2774c0be72fde65990a8103ff941bdd14e223e207e72dfa37c7d3238792a7
SHA51266f05bd0b12f15853f49c4d6afe346a715f9e70e4a4e6af7795af16a231fce574bd58554c3931b98e087d448ac1a765301f473bd28e37b10ec236dd647f32f7b