37cc3344adb80769c2c8d1ad086443e997f7ed9ba774d32c8de467137672ce47

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 07:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

98c97f4aa965cd789c93ac1227c28d85.exe
Size

357KB
MD5

98c97f4aa965cd789c93ac1227c28d85
SHA1

aa1e7abb3c5a602ac26dfb539d3d8b07aa2b0475
SHA256

37cc3344adb80769c2c8d1ad086443e997f7ed9ba774d32c8de467137672ce47
SHA512

10260235778b00dd86cc82224c4399835e1b0fa6037740a9991b436cb6362537c73325a1c4e7c0e883a5d4ccbf42e2baaf7a57fa2942d2214d3e56f8dcaa2b08
SSDEEP

6144:98yZw0EMTNHw7Ip+rKUEqpjyfe03qJf1zw4T/+8zXTfwcDKl+oSUf:aZ0btw6+rK5qkfe03j4j+cD4choSC

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/1500-0-0x0000000000400000-0x000000000050A000-memory.dmp	upx
behavioral2/memory/1500-12-0x0000000000400000-0x000000000050A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1500	98c97f4aa965cd789c93ac1227c28d85.exe
1500	98c97f4aa965cd789c93ac1227c28d85.exe

C:\Users\Admin\AppData\Local\Temp\98c97f4aa965cd789c93ac1227c28d85.exe
"C:\Users\Admin\AppData\Local\Temp\98c97f4aa965cd789c93ac1227c28d85.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\GetRightToGo\98c97f4aa965cd789c93ac1227c28d85.data

Filesize
1KB

MD5
e475cc8767ca34ff242686dfd7863719

SHA1
a81a7cb3757fefbcdff8b9b9cbb86ef54c004f61

SHA256
220b5860691bb88e9c64bf2f46d5806d9a9a07f717bae48e4ecd4bc92c30a362

SHA512
3c97bc51e92f829df28fd5b76321c116e0f0659d79d1d577c5ecca947446c7a9a1673f5d23c8b76cfc1884fad98ddf11af54e5e970d5369b0b992f29e0dd1f1b

Download Submit
memory/1500-0-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download
memory/1500-12-0x0000000000400000-0x000000000050A000-memory.dmp

Filesize
1.0MB

Download