f93934e6c070ba186a2dc3fa3e71a3fe134905c600012e718bd31079d476691b

Analysis

max time kernel
142s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
03-02-2024 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8bb36111efbf5dbb8006e13984f65a54.exe
Size

54KB
MD5

8bb36111efbf5dbb8006e13984f65a54
SHA1

4834ec6c74b8ba6e484cf443fbf192adeb409814
SHA256

f93934e6c070ba186a2dc3fa3e71a3fe134905c600012e718bd31079d476691b
SHA512

8621ef1792921bad8b493497af17a1e689e1d8606abe40ae97d66664e4ee88e896dd2cfc315fa37afacbedfac498f10a7a4eb56347573a7fa6babddcfdd5b76f
SSDEEP

1536:P9qukB0GQt5es8Am9EV6g2Lg49qukB0GQt5es8Am9EV6gp:u0esHDY090esHDYS

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\H:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\G:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\Z:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\P:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\Q:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\M:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\L:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\K:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\I:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\W:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\T:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\X:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\U:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\S:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\R:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\O:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\N:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\E:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\Y:	8bb36111efbf5dbb8006e13984f65a54.exe
File opened (read-only)	\??\V:	8bb36111efbf5dbb8006e13984f65a54.exe

C:\Users\Admin\AppData\Local\Temp\8bb36111efbf5dbb8006e13984f65a54.exe
"C:\Users\Admin\AppData\Local\Temp\8bb36111efbf5dbb8006e13984f65a54.exe"
1⤵
- Enumerates connected drives
PID:1972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1972-0-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-1-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-2-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-3-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-4-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-5-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-6-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-7-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-8-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-10-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-11-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-12-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download
memory/1972-13-0x0000000000400000-0x0000000000416000-memory.dmp

Filesize
88KB

Download