6596e5b2aa75bce9ab464728fff96baef1dfbedf223cf2d5cdfaa653c6a002c4

Analysis

max time kernel
151s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 17:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc6fcc356ceb8104b2e551a75131f6c7.exe
Size

1001KB
MD5

bc6fcc356ceb8104b2e551a75131f6c7
SHA1

bdf4dbd4194d2ef07e216f89e87066ce415083f9
SHA256

6596e5b2aa75bce9ab464728fff96baef1dfbedf223cf2d5cdfaa653c6a002c4
SHA512

d90d77391a90597c3e689afc1a9b93ef9c70450cda05b245f604a4b2495d815a21edb221ef62a564bac7715718c2e2682e3a0aba5f7f1c220b2f97b9262b2cf5
SSDEEP

24576:GRmJkcoQricOIQxiZY1iaAhGwrRVsSQmGo4VI:DJZoQrbTFZY1iaOGwdNZiO

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe
4664	bc6fcc356ceb8104b2e551a75131f6c7.exe

C:\Users\Admin\AppData\Local\Temp\bc6fcc356ceb8104b2e551a75131f6c7.exe
"C:\Users\Admin\AppData\Local\Temp\bc6fcc356ceb8104b2e551a75131f6c7.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...