cd76a354a02015517a2b50d75aa3b68dd0e3164adbb040f6317251016bc62b21

Resubmissions

20-03-2024 23:00

240320-2y4btadd85 10

15-03-2024 20:34

240315-zcmqtscf84 10

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
15-03-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Media-Player_160889.exe
Size

9.2MB
MD5

57ae7f3dcb2bbdf3702aa2145a15a84a
SHA1

2467a184982fee815f369ce35d7a9a49b41f1739
SHA256

fd50f25603c80e0b8a147e6a1abe099cd04b3c11b5ef8b32b232a466ec1d1815
SHA512

9cb19919a22bd00507cecd2ec2d26608ea5bc6b3ad498d08a3074fefe53c3aae4a508275dfe0b45fe77598c6279939653bd615cfe922b06127785b69f2fa29a6
SSDEEP

196608:vIQYIVpSDC2cZpQKehATj+d4XLqezaQwfwsFCflWpw5qJeQJ/UQfWY62LHb0vrpt:vrYIVpSDC2CpQKemTj+dhCDgJsv6tWKW

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2320	Media-Player_160889.exe
2956	Media-Player_160889.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2320	Media-Player_160889.exe
Token: SeDebugPrivilege	2956	Media-Player_160889.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2320	Media-Player_160889.exe
2956	Media-Player_160889.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2320 wrote to memory of 2956	2320	Media-Player_160889.exe	28
PID 2320 wrote to memory of 2956	2320	Media-Player_160889.exe	28
PID 2320 wrote to memory of 2956	2320	Media-Player_160889.exe	28
PID 2320 wrote to memory of 2956	2320	Media-Player_160889.exe	28

C:\Users\Admin\AppData\Local\Temp\Media-Player_160889.exe
"C:\Users\Admin\AppData\Local\Temp\Media-Player_160889.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Users\Admin\AppData\Local\Temp\Media-Player_160889.exe
  "C:\Users\Admin\AppData\Local\Temp\Media-Player_160889.exe" --ac
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads