148face192ff41e686bfc0079b1efdbfb5e3bb63ae9bf1612a5590fbf6bc7f3b

Analysis

max time kernel
146s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 07:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

vehicles/xc90femboy/360_F_122239302_98BS0lS2BIEXV0FxLEvumc43f3tstLMs.jpg
Size

31KB
MD5

50202d615f2f793fa81808332e484ed9
SHA1

cd5cdbf053cca2c4ad2bd3c1675b63bad6955222
SHA256

a2065e04ba12d4d9981ddde77b7fb2a74eb0ea8cd705749d4ab33da9595093b1
SHA512

0c5296e660f77c90bb058d9a844822478750de463ff811bfc33e15f6c3e07da9fca6f2f4e9c6bb3c2233072ffb81293da020437354aa02c8de287e539faa9b53
SSDEEP

768:SuZIFeQYwjFU7VIIJixVp2E0eCpsK/8Q4x8NzCCVoXs5SH79RCi/uj:SuSNhU7VlsHp2EbCKK/8/mhWvH5RNG

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2948	POWERPNT.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2948	POWERPNT.EXE

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\vehicles\xc90femboy\360_F_122239302_98BS0lS2BIEXV0FxLEvumc43f3tstLMs.jpg
1⤵
PID:4736

C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\root\Office16\POWERPNT.EXE"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:2948

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2948-0-0x00007FFD43BF0000-0x00007FFD43C00000-memory.dmp

Filesize
64KB

Download
memory/2948-2-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-1-0x00007FFD43BF0000-0x00007FFD43C00000-memory.dmp

Filesize
64KB

Download
memory/2948-3-0x00007FFD43BF0000-0x00007FFD43C00000-memory.dmp

Filesize
64KB

Download
memory/2948-4-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-5-0x00007FFD43BF0000-0x00007FFD43C00000-memory.dmp

Filesize
64KB

Download
memory/2948-6-0x00007FFD43BF0000-0x00007FFD43C00000-memory.dmp

Filesize
64KB

Download
memory/2948-7-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-8-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-9-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-10-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-11-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-12-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-13-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-14-0x00007FFD415F0000-0x00007FFD41600000-memory.dmp

Filesize
64KB

Download
memory/2948-15-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-17-0x00007FFD415F0000-0x00007FFD41600000-memory.dmp

Filesize
64KB

Download
memory/2948-16-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-18-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-19-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download
memory/2948-20-0x00007FFD83B70000-0x00007FFD83D65000-memory.dmp

Filesize
2.0MB

Download