Analysis

  • max time kernel
    136s
  • max time network
    127s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240226-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    14-03-2024 04:09

General

  • Target

    2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe

  • Size

    4.9MB

  • MD5

    b2306ae0dcd36a0d84f954825178d594

  • SHA1

    68f1e3ce4782a242cfcc4fee968b150a3f208bf7

  • SHA256

    2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e

  • SHA512

    4b6826642012c285eb10f530fd490ac4a118cf6a79b05c169936dda90568cace35829a6923da87222d11d7fe03b2cc10a347b9b93e67c6d6e4acb1d54628bf5d

  • SSDEEP

    98304:w3StAYjEtOdVEfrmNNTC2zM9yklTIh5DBWM2UPXY+3C:w3St3dRNUj9rlgeMK

Score
6/10

Signatures

  • Enumerates connected drives (3 TTPs, 1 IoC)

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger (3 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses (2 IoCs)
  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of FindShellTrayWindow (1 IoC)

Processes

  • C:\Users\Admin\AppData\Local\Temp\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe
    "C:\Users\Admin\AppData\Local\Temp\2ee6dfbfb2afd7442c9f2212eb142876698851c3ffb552ee420c0281e35a836e.exe"
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID: 2156

Downloads

  • C:\Users\Admin\3D Objects\# DECRYPT FILES BLUESKY #.html

    Filesize

    1KB

    MD5

    8f51d40ed1cc71d4cff63d9e408166fe

    SHA1

    a5fa6cecee524c99cf157bf3a615c0e10c2ec126

    SHA256

    39cd743f90f55e34e8626f326de0bc1c61646189a2abb9677492799831465f74

    SHA512

    f0844cac5fc6a64e2f4414719eb7320996bc1f455045fabf61c22d4629381791b8962ebc468da8425213cab4e5a914b9301bdbd0224317072d940865f4daf66e

  • C:\Users\Admin\3D Objects\# DECRYPT FILES BLUESKY #.txt

    Filesize

    985B

    MD5

    b6956ffad6fba926cdb4f828e1ad4fb2

    SHA1

    2dca631b7440d3aeee584e0afbf94cb461b35c82

    SHA256

    e650328e274f5af93aefb8cf257b420bedc9806815349a7f9d778f579f795be1

    SHA512

    595d778eef3fbf2579de772f0045b67d7416577d34a5d275ce967b6748405a65fb5a7b314487be2e2579dd319e3c2a9ff91920dec30cc650827b3cd08a7c167e