Overview

overview

5

Static

static

5

AutoIt3.exe

windows7-x64

3

AutoIt3.exe

windows10-2004-x64

3

script.exe...pt.ps1

windows7-x64

1

script.exe...pt.ps1

windows10-2004-x64

1

script.exe...AL.ps1

windows7-x64

1

script.exe...AL.ps1

windows10-2004-x64

1

script.exe.a32.exe

windows7-x64

3

script.exe.a32.exe

windows10-2004-x64

3

Resubmissions

20-03-2024 17:17

240320-vtqftsef8z 5

20-03-2024 14:47

240320-r5yd2aba29 5

Analysis

  • max time kernel
    599s
  • max time network
    619s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    20-03-2024 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script.exe.a32.exe

  • Size

    772KB

  • MD5

    702e7e7ad171bb9910c507263bb518ee

  • SHA1

    37f0a6b1fc2feaf245146bb6f66334f4f6ba3966

  • SHA256

    0b49440cc8ba6e797f64cfcbe78c2c65297cacaabe5213b0884232e9f18c8eff

  • SHA512

    a52d894bf2394ed7b7c4eb847950d7c0cd3da0ac3dbcb815cbed6c26157358c9d92861badd2cea9045399df07dc9352d0ba9c2453d0834190ae5e8bfa8878d77

  • SSDEEP

    12288:CgDhdkq5BCoC5LfWSLTUQpr2Zu19Qo8ZDJggaVokq7ki2rRpL:CgDhdkMRWfLTUO2Zu1uo8ZDJvaUkiuh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 5 IoCs
  • Suspicious use of SendNotifyMessage 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\script.exe.a32.exe
    "C:\Users\Admin\AppData\Local\Temp\script.exe.a32.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2428

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads