5bf2d564fdf510152de7de42aa84e19ebf9b5133706f9dc886ad7914168530cd

Analysis

max time kernel
1s
max time network
9s
platform
windows11-21h2_x64
resource
win11-20240412-en
resource tags

arch:x64arch:x86image:win11-20240412-enlocale:en-usos:windows11-21h2-x64system
submitted
20/04/2024, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AnthemScore_installer_windows_x86_64.exe
Size

20.6MB
MD5

746560ad63c2f2ccd5d7f2d43fe005ae
SHA1

299a29a2e5f2e2fa144a4a779bbc3698cf044e31
SHA256

5bf2d564fdf510152de7de42aa84e19ebf9b5133706f9dc886ad7914168530cd
SHA512

24d362371cad5dbb9dc4f841e036fbded40b9a14a41dbc51673127736b3993cc4b7714ac8abad2b70a75a1acd7be871099d23965bc3aae31156de3443f5c128e
SSDEEP

393216:icG3VLZOTokEXS9QSFhgPvKIi5Jsv6tWKFdu9CSW3:mLZOJES9rhgPiKW3

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
564	AnthemScore_installer_windows_x86_64.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
564	AnthemScore_installer_windows_x86_64.exe
564	AnthemScore_installer_windows_x86_64.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
564	AnthemScore_installer_windows_x86_64.exe
564	AnthemScore_installer_windows_x86_64.exe

C:\Users\Admin\AppData\Local\Temp\AnthemScore_installer_windows_x86_64.exe
"C:\Users\Admin\AppData\Local\Temp\AnthemScore_installer_windows_x86_64.exe"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/564-0-0x00000000062F0000-0x0000000006730000-memory.dmp

Filesize
4.2MB

Download
memory/564-2-0x0000000006730000-0x0000000006930000-memory.dmp

Filesize
2.0MB

Download