Analysis
-
max time kernel
147s -
max time network
154s -
platform
windows10-2004_x64 -
resource
win10v2004-20240319-en -
resource tags
-
submitted
25/03/2024, 14:08
General
-
Target
de319c18f8e26764fe10a5eb80f7e602.exe
-
Size
24KB
-
MD5
de319c18f8e26764fe10a5eb80f7e602
-
SHA1
cc0e7693ebf09e0b5099e3d9e17444fbc45a2541
-
SHA256
2f55a94ef7bf5b378385a3d478b3b6fce3447b134ff58f741bc0d5e13dafadce
-
SHA512
9b232ff028a5d3d4e6ad3933646ae5b73f4e2b085fe3920fce1d775fbb9627e287f4d280333ab31fe0a3f0b212bae1b3f52497376f830d58a27cdd7aa61bef86
-
SSDEEP
384:E3eVES+/xwGkRKJilM61qmTTMVF9/q5k0:bGS+ZfbJiO8qYoAF
Score
6/10
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Drops file in Program Files directory 1 IoCs
-
Enumerates processes with tasklist 1 TTPs 1 IoCs
-
Gathers network information 2 TTPs 2 IoCs
Uses commandline utility to view network configuration.
-
Runs net.exe
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 21 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\de319c18f8e26764fe10a5eb80f7e602.exe"C:\Users\Admin\AppData\Local\Temp\de319c18f8e26764fe10a5eb80f7e602.exe"1⤵
- Adds Run key to start application
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ver >c:\windows\temp\flash.log & cmd /c set >>c:\windows\temp\flash.log & ipconfig /all >>c:\windows\temp\flash.log & tasklist >>c:\windows\temp\flash.log & net start>>c:\windows\temp\flash.log & netstat -an >>c:\windows\temp\flash.log2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c set3⤵
-
-
C:\Windows\SysWOW64\ipconfig.exeipconfig /all3⤵
- Gathers network information
-
-
C:\Windows\SysWOW64\tasklist.exetasklist3⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\net.exenet start3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start4⤵
-
-
-
C:\Windows\SysWOW64\NETSTAT.EXEnetstat -an3⤵
- Gathers network information
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1780 --field-trial-handle=2000,i,9877262470271371196,11878025205711850266,262144 --variations-seed-version /prefetch:81⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
14KB
MD51bbfe40badd3d8d34a397fac4b97e058
SHA187281d7c106cc462efd6367acfd1b1bea98a1aa9
SHA256c1e7539e49a254d744008027c5083d6fea91b0998977639978d0e134bafbaaa2
SHA5125c613f05d3bfed6aefbf4c679097908146416f7bcf46cf7400e1e78a11ec7a7809164e59cfd88a479a0ca236691e35f8daf2f900acd9a55bc4faf378305d4ead