dcf652f2236a8a3d69b0cd155ad139c194494cf31c0dad2322390a4556147312

Analysis

max time kernel
140s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-02-2024 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eb5d82f5b52dda399ba916c36984b0b.exe
Size

1.3MB
MD5

8eb5d82f5b52dda399ba916c36984b0b
SHA1

d6fc83397ad9d8fc894fcbd6b6360168337648f7
SHA256

dcf652f2236a8a3d69b0cd155ad139c194494cf31c0dad2322390a4556147312
SHA512

aaa3b8d0a80179715bc2e6d92590e2133d1cd6aa1a4b2bee3751be320ccd588a1abe7f5164de634321f05d70ece651671e9d96b25938f5cd15479eb2a38cefd9
SSDEEP

24576:5v9WiQyIwR/meuXMqYFm9dmmt3ujlXFp+E2SA6xt81nt3p:99WJyz/nqZ95t2X23Stt8fZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1752	8eb5d82f5b52dda399ba916c36984b0b.exe
1752	8eb5d82f5b52dda399ba916c36984b0b.exe

C:\Users\Admin\AppData\Local\Temp\8eb5d82f5b52dda399ba916c36984b0b.exe
"C:\Users\Admin\AppData\Local\Temp\8eb5d82f5b52dda399ba916c36984b0b.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1752-0-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1752-1-0x0000000000400000-0x0000000000665000-memory.dmp

Filesize
2.4MB

Download
memory/1752-3-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download