ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900

Analysis

max time kernel
89s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
13/03/2024, 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
Size

18.0MB
MD5

694e030c0f81c5c9f7cdd509b2452ff8
SHA1

9bebd2a8d7f507aeb965f2ae1cec10c3292a0bfb
SHA256

ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900
SHA512

763d199bc931433cdc5a2bbd3853da8132ef5790c745d122549c66a90171bb0bfc5ed4dc5ea65233ca83d0bb7ae36ae0a6999cd2115dedd579853fdfd9a70d41
SSDEEP

393216:rIQArQSyy44nu4lH2UTAHy0JPP24jufJtdzQM036Z:erQSyy44nuwWUTcO4juGf36Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1468	autorun.exe

Loads dropped DLL 1 IoCs

pid	Process
1468	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1468	autorun.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4972	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4972	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1436	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
1436	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
1468	autorun.exe
1468	autorun.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1468	1436	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	90
PID 1436 wrote to memory of 1468	1436	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	90
PID 1436 wrote to memory of 1468	1436	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	90

C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
"C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:1468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f0 0x37c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Telephon_2.ogg

Filesize
150KB

MD5
ce279d6ee8450374961c60924ea5eb50

SHA1
7c0de7269a0aa86b038e4725012ac66cda10ea3a

SHA256
4ff14f2ce69df353d215e56aa54beb09c644450e2d6b9ce55068b95de0a1d794

SHA512
75c9afc97110cd8b614d69cd0a68099218fb109ee0094543473ad5cf1fd3b19cc0377c426e147c7b2870c95d4e7e7f77ee6f35d12ba72d80e30d4b63c3a80a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\0004-luna.btn

Filesize
3KB

MD5
285147a9684de9e00291c613cf8a5daa

SHA1
6a74c4bd2edd345ef7bc40e819e9602fbe4343db

SHA256
d273fd92c260dd69a1dedfe0f1075a193a3b4c74bc4e34a4de249f058bcf6a11

SHA512
8378c09ea38f6669d60bf173772c6e2b54cd1c14accfd2499f864c20d1eda1c486c5e697c7b1886767789b57218cb8f2f4d43babf8ff5d6818b6fb6fc20c9e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1042_0001.btn

Filesize
11KB

MD5
c225da8d05d9b6fc99fdfbdbc13dee0f

SHA1
6df43ec01fbd5558d192f1ed17e75f3f8f9a7ab1

SHA256
8ed92aa88f825fcc44bc57f4f51812c0ddba6054996d0273a753b7ae610f18d1

SHA512
e288e9bde61cc2d69d3ee2dcc3d150d77af268f743d5881fa0b65a4e3f8c839a180632dfe7fabba5081040af8f1fb8c88f2a6e258515dfb62f910ca57d390d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1042_0003.btn

Filesize
22KB

MD5
89b60456a43310f42c7fd225a63e0719

SHA1
152ea693717e7778a16a2385416c4d522dafce5c

SHA256
15172fd4074b84765dfba931983b38338760d6cf07c1d64274a82c0237cb2c42

SHA512
4667f7b0cf4a5c54c1fd1ff3c5aedd9f0efd0e8d26683f007063f6e76e8309f0c6553d79c6f67741427f8fa2c5affa6558990cf49b933536f3d5f66a6bc544e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\21616383_274383643079431_5391337216637019769_n.jpg

Filesize
40KB

MD5
64810bb1b3bf274ca706916257dab1dd

SHA1
590eb92f3b86ccc57642552e56168218f633e689

SHA256
2189860f24abba65cd302cdffa031926de51cf9e78e60cdedbfd863b8d7975a8

SHA512
ac88fd86776bd4cfe0ce0705ff3bdbf50aa0e8a7aa4ceab312cbedace6740d83cb0702a4478dcb77665502b4d17f5c77fbbd5ac98e8781de3772984951bf525c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Bar-Horizontal-006.png

Filesize
1KB

MD5
17e1aec21071b567921c447a85307a59

SHA1
415ae5698148170658ac4668f3fddacd0007c6cb

SHA256
1ce7481e3cebf47fedd8f673d07b3aae9f8d14e7dcad1d2314f39b675f269f50

SHA512
106d5ab28be2d5eb2ca4f74733b9a22ff3bba1e43113ef6df4cc47979f57492d7891341a44613d76eb2e68e4cc009e885644b8fe1a6f6f1c7d5cfd1b5c3cdbbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Bar-Horizontal-008.png

Filesize
3KB

MD5
085bdf59a3ecd3045043c7dc0b9b3b3e

SHA1
b3cd7663841ccabac5647f6eafa8139e361c2bc7

SHA256
b5c18a13ed288982137631adc4ad5c1374c33536844411edc572b45f6e7e6092

SHA512
abd2f396e9a370b9687accf016efe71bb8cb14546f18b5db8a7784242c3874d434031595ba309d2e7fc246a7b79c837c2bf8f45f505ab259fe59c36ca42c57db

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\ÃÙ»ÇÔÇ´¹µÃÕ.jpg

Filesize
384KB

MD5
c39d48af0fcc79fe792fb71b72117db4

SHA1
6072676939a6d20621e422ef90823dc59a389412

SHA256
00b6a649c97091597b6126d4ecabd062c3296ea70f4271d92fccbbb374bf4d9a

SHA512
e671f3d98b29d6068222b94a614a7c0e03d2eecb60f7b6d5cfb68669af88b578ce25bd9a284bace89f0446054117706643054a515c509fd678af5fcef182bda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
920KB

MD5
78ea8e1289fe9a924f925373f0b61a20

SHA1
05f85401142c11aa83238336b4a6547aa83a3305

SHA256
98fc930032705b2ea23d7e3bbccdaeeb395afb5e548dc84b424036b2147bdf4a

SHA512
8b4092b9a76297c075270ae8750aedcd4a56dd770009e48317ac3bbff967916209f1bc5331dcf91b88c557ecca46b1b30703c82e6be17a2d95d606a0c44677c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
4.8MB

MD5
de0a5288cee347aa63ab1442ea9cb2a4

SHA1
a96ca664d07182f9603416cd9d368c37e1f13015

SHA256
b4f4641db5acb3a5b35003cb07312caef33440496b08b5c1a3298b5ece8f5274

SHA512
5490a287feefa5e71cec76abcf3a3d323692fade48ee57ac273e23d9ca7dd0b392380c0e2cfb9f3486d3cb1d62938e6b8fb36210484489770148d32c0b11a88f

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
5.5MB

MD5
37352322dded7f1b1f578c11d1a0b73d

SHA1
1f83be63f540fe8bbf351de9a093cafad00b2c98

SHA256
86859ec07da0da52d98905f0d876f847b38a8e3eb3e254b69281bf47bfbdbd06

SHA512
df523eab70e28baef67a2336e0a6e39df9bb2ca18f398ef0cc6e99ef98b7ef25b629174b2880dc35fbf9c4fb76952868afaeeb652c9c0c8553dff17530830b09

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\client.ico

Filesize
24KB

MD5
cf8b3038b5427008ee1d49762c230f86

SHA1
32aa3274eef2410cba5c92b48fcd44c493614c88

SHA256
2b1439096e7e2493d17ae837ce9bb484c1d288686ce63d83d867258bef138016

SHA512
42703c3c71fad31682fb23ee53ffb6a8ff0d27b9f122c8448e653fff82b5a7721227bf58ec8c3df5b7b00aba1eb4f540f5c5950836f461ef7bbe4b0b6c02797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
322KB

MD5
c3256800dce47c14acc83ccca4c3e2ac

SHA1
9d126818c66991dbc3813a65eddb88bbcf77f30a

SHA256
f26f4f66022acc96d0319c09814ebeda60f4ab96b63b6262045dc786dc7c5866

SHA512
6865a98ad8a6bd02d1ba35a28b36b6306af393f5e9ad767cd6da027bb021f7399d629423f510c44436ac3e4603b6c606493edf8b14d21fabf3eab16d37bd0d25

Download Submit