06facc14817d842d2d67c7ecc33fe4013cd5be7aa73efaebf75806b5b42bca80

Analysis

max time kernel
68s
platform
windows11-21h2_x64
resource
win11-20240214-en
resource tags

arch:x64arch:x86image:win11-20240214-enlocale:en-usos:windows11-21h2-x64system
submitted
20/02/2024, 16:51

Target

LS.exe
Size

15.0MB
MD5

ad593ccb75068b98a94bf140912ab23d
SHA1

443a7734af66981fe7cefc798e51341bb4c1f913
SHA256

0b9376a07972ae9b6af9cf42e2b6ce583b82ee9b92f1c791698bee2742398513
SHA512

4203339030a41e2d84b2d19598adc30c628a7640ff8564283bf79b39b0d157c4d6eb1b92611c2b7fe96bb5023dab3e2c899fca78e425df5539c1ee6dc295010e
SSDEEP

393216:YISineJKCvy4sQ2nE8kZle7bRorWMFPlL:/lecCq8IHCe79or7FPV

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2908	LS.exe
2908	LS.exe

Suspicious use of SetWindowsHookEx 4 IoCs

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\LS_Settings.ini

Filesize
93B

MD5
66c7a6260c68aa68a492774ba2e09b3b

SHA1
3b7182d2a15e27b0852273ee411e08f510bfcd82

SHA256
64a66e2c1c435afae895200fadb9226cfd9261384bc7d0afd3aec7cca4b15395

SHA512
9e4266aed4188797cd0e97fda0fc717fe4f9b102a4de2ed142d2bae82f02adb69ef789b45c4f821edc0b138add16872f83fc50da52af83945126e9b85bdea1ec

Download Submit
memory/2908-0-0x0000000000400000-0x0000000003D57000-memory.dmp

Filesize
57.3MB

Download
memory/2908-6-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download
memory/2908-18-0x0000000005C30000-0x0000000005C31000-memory.dmp

Filesize
4KB

Download