Analysis
max time kernel: 118s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 29-01-2024 14:36
Static task: static1
Behavioral task: behavioral1
Sample: e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe
Resource: win7-20231129-en
Behavioral task: behavioral2
Sample: e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe
Resource: win10v2004-20231222-en
General
Target: e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe
Size: 15.9MB
MD5: e71f816d934824ec9ea4883253934a15
SHA1: ebd1b40c57382590987206c812aa24fca1a630c1
SHA256: e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f
SHA512: b1cd66e481662d709a812c3035de53fd75f4eed1b9377adee4d9a3733ac1a6bdfe6b3f7a07ac34ae97428ebfb5a85689be43b6c1d7e7c41aa314272bd06d6c79
SSDEEP: 393216:LddzwEHyhqy74edwiSgx3JT/UciuQuZkDwGwvRQiXpOKGVub:0dwON6gxjiuNOhw5QsOKGUb
Malware Config
Signatures
Loads dropped DLL (5 IoCs)
pid   Process
1996  e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe  (5 identical entries)

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (2 IoCs)
pid   Process
1996  e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe  (2 identical entries)

Suspicious behavior: GetForegroundWindowSpam (1 IoCs)
pid   Process
1996  e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe
Processes
C:\Users\Admin\AppData\Local\Temp\e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\e8fad327415852029ed5f678fce07d57b1b0c47588ca91200a6a99923bbf7d4f.exe"
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID: 1996
Network
MITRE ATT&CK Enterprise v15
Downloads