307023107afd5a3f5f59e13aa37333826bba4fe3afeb6d5091df67a2ecbddfc7

Analysis

max time kernel
141s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18/04/2024, 10:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ChipGenius.exe
Size

142KB
MD5

fa28162dd8cc4e20d4f15c116fcf959d
SHA1

e39c03e0d48ff1fa1bc19bce40fb9cdad99bd14b
SHA256

e88256520d3da2d483186eaec3bf967155ff6f6abdc597233e8d87ab4a1a338a
SHA512

aa7e17c76c5d5c0f9018126102b1ea39d6d0477bec8d2554674bf658c609acd9e56bfd21913bb32e59a4a0fa7c1c35e33d3bc920a7ce801b1a8157e0881f6b7d
SSDEEP

3072:BQntWKY6UgOMGZOd08Z3hX9HCS6BN7outPax7Gl3M9Cacs0Il:sIH/MGMdRlhmBJoSPK83ucs

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	ChipGenius.exe
File opened (read-only)	\??\F:	ChipGenius.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4364	ChipGenius.exe
2668	ChipGenius.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 2668	4364	ChipGenius.exe	89
PID 4364 wrote to memory of 2668	4364	ChipGenius.exe	89
PID 4364 wrote to memory of 2668	4364	ChipGenius.exe	89

C:\Users\Admin\AppData\Local\Temp\ChipGenius.exe
"C:\Users\Admin\AppData\Local\Temp\ChipGenius.exe"
1⤵
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Users\Admin\AppData\Local\Temp\ChipGenius.exe
  C:\Users\Admin\AppData\Local\Temp\ChipGenius.exe WRCGDOUP2010-06-13
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2668-6-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/4364-0-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/4364-5-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download
memory/4364-8-0x0000000000400000-0x00000000004F6000-memory.dmp

Filesize
984KB

Download