Analysis
-
max time kernel
136s -
max time network
127s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system -
submitted
14-03-2024 04:09
Behavioral task
behavioral1
Sample
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
Resource
win10v2004-20240226-en
General
-
Target
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
-
Size
4.9MB
-
MD5
b2306ae0dcd36a0d84f954825178d594
-
SHA1
68f1e3ce4782a242cfcc4fee968b150a3f208bf7
-
SHA256
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e
-
SHA512
4b6826642012c285eb10f530fd490ac4a118cf6a79b05c169936dda90568cace35829a6923da87222d11d7fe03b2cc10a347b9b93e67c6d6e4acb1d54628bf5d
-
SSDEEP
98304:w3StAYjEtOdVEfrmNNTC2zM9yklTIh5DBWM2UPXY+3C:w3St3dRNUj9rlgeMK
Malware Config
Signatures
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exedescription ioc process File opened (read-only) \??\F: 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe -
Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs
Processes:
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exepid process 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exepid process 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
Processes:
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exedescription pid process Token: SeDebugPrivilege 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe -
Suspicious use of FindShellTrayWindow 1 IoCs
Processes:
2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exepid process 2156 2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe"C:\Users\Admin\AppData\Local\Temp\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe"1⤵
- Enumerates connected drives
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2156
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1KB
MD58f51d40ed1cc71d4cff63d9e408166fe
SHA1a5fa6cecee524c99cf157bf3a615c0e10c2ec126
SHA25639cd743f90f55e34e8626f326de0bc1c61646189a2abb9677492799831465f74
SHA512f0844cac5fc6a64e2f4414719eb7320996bc1f455045fabf61c22d4629381791b8962ebc468da8425213cab4e5a914b9301bdbd0224317072d940865f4daf66e
-
Filesize
985B
MD5b6956ffad6fba926cdb4f828e1ad4fb2
SHA12dca631b7440d3aeee584e0afbf94cb461b35c82
SHA256e650328e274f5af93aefb8cf257b420bedc9806815349a7f9d778f579f795be1
SHA512595d778eef3fbf2579de772f0045b67d7416577d34a5d275ce967b6748405a65fb5a7b314487be2e2579dd319e3c2a9ff91920dec30cc650827b3cd08a7c167e