04b5fb1e2035d38a2f88402f94cc3175ddab2c1ea4d840cd63d3c86391801afc

Analysis

max time kernel
95s
max time network
121s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
16/03/2024, 00:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ccb134bc53eef29e10136aafa16ecf68.exe
Size

161KB
MD5

ccb134bc53eef29e10136aafa16ecf68
SHA1

f9d95d0c30e81ed4c2b4a950dc7f71b8be68b77f
SHA256

04b5fb1e2035d38a2f88402f94cc3175ddab2c1ea4d840cd63d3c86391801afc
SHA512

25e74bdf167962f6aa675213e42bce2f9c2e4f1e6f0aaae5de72471cc33cd4178dbeeb817acdf1f842e475c6dd08f1cf9e34511ce6debc1a220683a15b63a6cd
SSDEEP

3072:nx6UW6tpmJYaCiAVJBM2h9Qox6IPHeqo3Sc//////Q3pde:nxDLaBAV3hOm6UNc//////ca

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3760	wjjmi.exe

Loads dropped DLL 38 IoCs

pid	Process
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe
1080	ccb134bc53eef29e10136aafa16ecf68.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3760	wjjmi.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1080 wrote to memory of 3760	1080	ccb134bc53eef29e10136aafa16ecf68.exe	84
PID 1080 wrote to memory of 3760	1080	ccb134bc53eef29e10136aafa16ecf68.exe	84
PID 1080 wrote to memory of 3760	1080	ccb134bc53eef29e10136aafa16ecf68.exe	84

C:\Users\Admin\AppData\Local\Temp\ccb134bc53eef29e10136aafa16ecf68.exe
"C:\Users\Admin\AppData\Local\Temp\ccb134bc53eef29e10136aafa16ecf68.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1080
- C:\Users\Admin\AppData\Local\Temp\wjjmi.exe
  C:\Users\Admin\AppData\Local\Temp\wjjmi.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsw4A87.tmp\System.dll

Filesize
10KB

MD5
810f3a0aefe36a9f63e29e604bea91a9

SHA1
2559d3d4adf51f8ecbe2d07e669e344eb7d0bd80

SHA256
f160eb7a1b4eb8d2e99e7424ae058acd81ba5019e43cbfa0ce81e3102b356779

SHA512
836b73c38ab60260e1bc81ebf8347e14d02453fc361b7d6f10f137287b8189f8bc43758ce2d9def8fd1c71112aab7ef1930af2d64ae69f6d4e58a6fe17b310bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsw4A87.tmp\inetc.dll

Filesize
20KB

MD5
50fdadda3e993688401f6f1108fabdb4

SHA1
04a9ae55d0fb726be49809582cea41d75bf22a9a

SHA256
6d6ddc0d2b7d59eb91be44939457858ced5eb23cf4aa93ef33bb600eb28de6f6

SHA512
e9628870feea8c3aaefe22a2af41cf34b1c1778c4a0e81d069f50553ce1a23f68a0ba74b296420b2be92425d4995a43e51c018c2e8197ec2ec39305e87c56be8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wjjmi.exe

Filesize
60KB

MD5
40cdcabcfa3e46d7a8b046fd6a93a16f

SHA1
dda33299a874d434d3f0d39a345daec30b924354

SHA256
1e29dd95885ef82d7693f2917fdde4d23ecf310ffea8a03879119bc0a6468eca

SHA512
8d8b426ac398f82629e15f57d9e5df42cea8e0eedc1a692c2839e8d2f8d0cb28ac9ed38af5168656f102d9040754a2dee08b35613e19284d991305c30c1264f7

Download Submit