e56cbb857f8c0adf17dbf261c41b29a4d559194445af3d1fa55512902ed50071

Analysis

max time kernel
136s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fe009952fde9b4dfe1c7289a1160dcf.exe
Size

1.4MB
MD5

7fe009952fde9b4dfe1c7289a1160dcf
SHA1

d80db3b0b2b5fa1b0e7b79e12d44a12bc395ff92
SHA256

e56cbb857f8c0adf17dbf261c41b29a4d559194445af3d1fa55512902ed50071
SHA512

47165173cf9679be1bb441bc409f9cc89a004746dfa06d03eeee9beded3b5ce7c8d5f69bb7627a3b4993185e2a9b6249a3fb7720bc0d7d86121ae6d9e2010e04
SSDEEP

24576:vrCVAFsOL3jkfZ3Usmqgp9VdvwEtH6BpoaB2+n1oVqdVu1zvvTv4cZy/8KyB35cT:umVkBkZp9VKEgUaB2+1VE1zkjEKyJdc

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Winamp\Plugins\240601609.tmp	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Program Files\Winamp\Plugins\Out_Volumelogic.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Program Files\Winamp\Plugins\Out_Volumelogic.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\eSellerateEngine.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Windows\eSellerateEngine.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Windows\Volumelogic Uninstaller.exe	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Windows\Volumelogic Uninstaller.exe	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Windows\240601609.tmp	7fe009952fde9b4dfe1c7289a1160dcf.exe

C:\Users\Admin\AppData\Local\Temp\7fe009952fde9b4dfe1c7289a1160dcf.exe
"C:\Users\Admin\AppData\Local\Temp\7fe009952fde9b4dfe1c7289a1160dcf.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aaiw240601486.bmp

Filesize
326B

MD5
4cf7475e76cb7892a79cc4da8dac51a5

SHA1
54bdca44165458ff4095a536a2dce1f5a2f37c2d

SHA256
ea7860c41776b228b3c6e8286a237933c15a015451cdc78de891c1ca86ff080f

SHA512
aab5dbb5f3cc35e80fa9fb9020fcc12d07819c58affe0463275248a808dc0a6b7b410d14d3668f94542db1948db9f5266e406fb9f8769145d09359e9063b0756

Download Submit
C:\Users\Admin\AppData\Local\Temp\aiw240601484.EXE

Filesize
52KB

MD5
c4340b65216b1758e5a0974c1481928b

SHA1
4b2984755976ec2cc9684ca4fa4f296d489fa37f

SHA256
7fe71d7df59ed4ef964c6f1bde29ac5e698006127b39ffa7f260bebb65917403

SHA512
d4cbfd2e9e3a3b62813fed2d6a50ef774d8be27cfe8893da0f96641599b966607e94ca1c9dcfb4ab923befe31f49b8cc3700eec1fd59d1c0f311e50477250cb4

Download Submit