Analysis

  • max time kernel
    67s
  • max time network
    52s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 20:32

General

  • Target

    PAYMENT FROM OUR SBI BANK.exe

  • Size

    536KB

  • MD5

    d554b4c1aa278eeaf10def8ea5973cd6

  • SHA1

    f1056fb198e27b567d46c3fe7b2d355c925988fd

  • SHA256

    b2db0dad3f1acb31633bc8d135453b5141d75ce89212a303a9148a40f60eb917

  • SHA512

    00d9d6a1ff4cfd43a3e11e4b81d47a559eef3e03011c24a160e614064cd42a2a87c9f7da586d0cc33d8ec3db025050468aea708865b80d7aaa0250dc81d6e62d

  • SSDEEP

    12288:0uv+XyDHRqUaW46A9jmP/uhu/yMS08CkntxYRS:rv0wHROfmP/UDMS08Ckn3P

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PAYMENT FROM OUR SBI BANK.exe
    "C:\Users\Admin\AppData\Local\Temp\PAYMENT FROM OUR SBI BANK.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4032
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:2992

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads