Overview

overview

5

Static

static

5

AutoIt3.exe

windows7-x64

3

AutoIt3.exe

windows10-2004-x64

3

script.exe...pt.ps1

windows7-x64

1

script.exe...pt.ps1

windows10-2004-x64

1

script.exe...AL.ps1

windows7-x64

1

script.exe...AL.ps1

windows10-2004-x64

1

script.exe.a32.exe

windows7-x64

3

script.exe.a32.exe

windows10-2004-x64

3

Resubmissions

20-03-2024 17:17

240320-vtqftsef8z 5

20-03-2024 14:47

240320-r5yd2aba29 5

Analysis

  • max time kernel
    525s
  • max time network
    464s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    20-03-2024 17:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    script.exe.a32.exe

  • Size

    772KB

  • MD5

    702e7e7ad171bb9910c507263bb518ee

  • SHA1

    37f0a6b1fc2feaf245146bb6f66334f4f6ba3966

  • SHA256

    0b49440cc8ba6e797f64cfcbe78c2c65297cacaabe5213b0884232e9f18c8eff

  • SHA512

    a52d894bf2394ed7b7c4eb847950d7c0cd3da0ac3dbcb815cbed6c26157358c9d92861badd2cea9045399df07dc9352d0ba9c2453d0834190ae5e8bfa8878d77

  • SSDEEP

    12288:CgDhdkq5BCoC5LfWSLTUQpr2Zu19Qo8ZDJggaVokq7ki2rRpL:CgDhdkMRWfLTUO2Zu1uo8ZDJvaUkiuh

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 11 IoCs
  • Suspicious use of SendNotifyMessage 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\script.exe.a32.exe
    "C:\Users\Admin\AppData\Local\Temp\script.exe.a32.exe"
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1076
  • C:\Windows\system32\rundll32.exe
    "C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
    1⤵
      PID:1184
    • C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe -k UnistackSvcGroup
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4136

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm
      Filesize

      16KB

      MD5

      281652ab7f24119c4d1549b1108c4388

      SHA1

      a1bcc93d6836f5588b7d24ba7ee1b7bd210cd3f4

      SHA256

      748bf2b7e5d83d3f9f977d6efbcfc2d851ffe368c92a49c8b7e21529f4f1d883

      SHA512

      09e5b4dae99152c741a707ce38d741a6c0fed14d6730fec9bd40025d86b0186e1b5e3574a3784c0e7fd1574fb6e72f2d94db09ef0fea8babcbbff9778a28f270

      Download Submit
    • memory/4136-40-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-33-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-42-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-34-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-36-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-35-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-37-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-38-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-44-0x00000258A2080000-0x00000258A2081000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-16-0x0000025899E50000-0x0000025899E60000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4136-67-0x00000258A21D0000-0x00000258A21D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-32-0x00000258A2440000-0x00000258A2441000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-39-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-43-0x00000258A2090000-0x00000258A2091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-46-0x00000258A2090000-0x00000258A2091000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-66-0x00000258A21D0000-0x00000258A21D1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-64-0x00000258A21C0000-0x00000258A21C1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-0-0x0000025899D50000-0x0000025899D60000-memory.dmp
      Filesize

      64KB

      Download
    • memory/4136-52-0x00000258A1FC0000-0x00000258A1FC1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-49-0x00000258A2080000-0x00000258A2081000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-68-0x00000258A22E0000-0x00000258A22E1000-memory.dmp
      Filesize

      4KB

      Download
    • memory/4136-41-0x00000258A2470000-0x00000258A2471000-memory.dmp
      Filesize

      4KB

      Download