Analysis
-
max time kernel
121s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
-
submitted
02-05-2024 22:36
General
-
Target
xi0TpAxHGMsm.exe
-
Size
482KB
-
MD5
effe954da69f8377295e43c84e48bd77
-
SHA1
2cce76b35acab30714dcb56042808efbf05ae969
-
SHA256
950b538fcf4aa8021867bce803c551b098b1481fc9b468772efb81f51c4c1c8c
-
SHA512
280f3aba77d9815f4b2e81462a97751f399c4d73a07a5fb3812bb6594826a81fe5ac449cf53409f8d51b16a6e61b99162923a28c54a02171ce016935823448cc
-
SSDEEP
6144:+XIktXfM8Lv86r9uVWAa2je4Z5zl4hgDHQQs4NTQjoHFsAOZZsAX4cNe5Gv:+X7tPMK8ctGe4Dzl4h2QnuPs/Zsvcv
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\xi0TpAxHGMsm.exe"C:\Users\Admin\AppData\Local\Temp\xi0TpAxHGMsm.exe"1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\tcdsi.vbs"2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
520B
MD523599b933d0a7eaf4c9c850555f451e4
SHA1904e6dd9db2864a29f29b0c2846bc7beb55a02a5
SHA25665b1f65deb27ef194b2cdad9863d3e7c26505baebc5e72937d0ff818f19045af
SHA5122a8a67a36db7a2de87e4d8507ee34e76978966c7d8c9163ff99fa3e1a9177fbcdf0c506a38c4e65b3485a1758f03d28767391efa19e8b075fc858e4893be6ad4