34113824188c9b8a4b387ebe9c35dea25eeedf30a794a88f0c29b1ac3fc38f95

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 21:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c9afc2307527f4d3dba03d6aefe23a34.exe
Size

19KB
MD5

c9afc2307527f4d3dba03d6aefe23a34
SHA1

85810fae5038f654f0197916b04e10ee1edd0a1f
SHA256

34113824188c9b8a4b387ebe9c35dea25eeedf30a794a88f0c29b1ac3fc38f95
SHA512

4778bd643c70d178f091b2a10db08f8fff009b85d237ce5ceb1b77a81e619d5e31c005e5ee36f02192a2285bc3d5d6f77fd5978cd557b2515e8da188ce11ff73
SSDEEP

384:wVTg/B19SEvzMha3Fx9Q6KmeKLoexpHX+0dMTLTA5N4RNz:aTWHSELXI6ToqHOwvD4RNz

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe
4064	c9afc2307527f4d3dba03d6aefe23a34.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4064	c9afc2307527f4d3dba03d6aefe23a34.exe

C:\Users\Admin\AppData\Local\Temp\c9afc2307527f4d3dba03d6aefe23a34.exe
"C:\Users\Admin\AppData\Local\Temp\c9afc2307527f4d3dba03d6aefe23a34.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4064-0-0x0000000000D50000-0x0000000000D5C000-memory.dmp

Filesize
48KB

Download
memory/4064-1-0x0000000002DA0000-0x0000000002DA8000-memory.dmp

Filesize
32KB

Download
memory/4064-2-0x00007FF9C7C00000-0x00007FF9C86C1000-memory.dmp

Filesize
10.8MB

Download
memory/4064-3-0x000000001B850000-0x000000001B860000-memory.dmp

Filesize
64KB

Download
memory/4064-4-0x00007FF9C7C00000-0x00007FF9C86C1000-memory.dmp

Filesize
10.8MB

Download