Analysis

max time kernel: 117s
max time network: 118s
platform: windows7_x64
resource: win7-20240221-en
resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted: 03-05-2024 04:13
Behavioral task: behavioral1
Sample: dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
Resource: win7-20240221-en

Behavioral task: behavioral2
Sample: dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
Resource: win10v2004-20240419-en
General

Target: dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
Size: 752KB
MD5: 8b284019623fbbb4f3c3531f51d99163
SHA1: 55158f83ee688ffc72c43f33fc83ec11f5c30c47
SHA256: dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7
SHA512: 535e31cee1c7e642c30e16e38331b4f638f6a7c8a4bad2258f159148c2d972d391e106f1738a14ff47e9f6a163fc8a9877d945a5e97624b55faeb1ee2626afce
SSDEEP: 12288:9/kA8UXFh1pHI46A9jmP/uhu/yMS08CkntxYRKA9jmP/uhu/yMS08CkntxYR:9/kAFXFlbfmP/UDMS08Ckn3gmP/UDMSz
Malware Config
Signatures

Enumerates physical storage devices (1 TTP)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (3 IoCs)
pid   Process
2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe

Suspicious use of WriteProcessMemory (4 IoCs)
description                       pid   Process                                                                   procid_target
PID 2168 wrote to memory of 1920  2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe  28
PID 2168 wrote to memory of 1920  2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe  28
PID 2168 wrote to memory of 1920  2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe  28
PID 2168 wrote to memory of 1920  2168  dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe  28
Processes

1. C:\Users\Admin\AppData\Local\Temp\dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe"
   PID: 2168
   - Suspicious use of SetWindowsHookEx
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\cmd.exe (child of PID 2168)
      Command line: cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      PID: 1920
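The WriteProcessMemory table under Signatures and the process tree under Processes together say more than either does alone: every recorded write goes from the sample (PID 2168) into the cmd.exe child (PID 1920) it had just spawned. The following is an added example, not part of the Triage report, that parses the flattened IoC rows exactly as they render on this page and classifies each writer-to-target edge against the parent relation from the process tree. The input is constructed from the four rows above plus one hypothetical row (target PID 2400, procid_target 31) that does not appear in the report and exists only to exercise the "unrelated" branch; the reading of procid_target as Triage's per-report process index rather than an OS PID is an assumption.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the four rows of the "Suspicious use of WriteProcessMemory"
# table, flattened onto one line the way the report renders them, plus one
# hypothetical row (target 2400, procid_target 31) that is NOT in the report
# and exists only to exercise the grouping logic.
SAMPLE_EXE = "dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe"
WPM_TABLE_FLAT = "description pid Process procid_target " + " ".join(
    [f"PID 2168 wrote to memory of 1920 2168 {SAMPLE_EXE} 28"] * 4
    + [f"PID 2168 wrote to memory of 2400 2168 {SAMPLE_EXE} 31"]  # constructed row
)

# Parent map recovered from the Processes tree: cmd.exe (1920) was spawned by
# the sample (2168). Any other PID is unknown to this section of the report.
PARENT_OF = {1920: 2168}

# One flattened row: "<description> <pid> <Process> <procid_target>", where the
# description itself is "PID <src> wrote to memory of <dst>".
ROW_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) "
    r"(?P<pid>\d+) (?P<image>\S+) (?P<procid_target>\d+)"
)


@dataclass(frozen=True)
class WpmEvent:
    source_pid: int
    target_pid: int
    source_image: str
    # Assumed to be Triage's per-report process index for the target, not an
    # OS PID; the report does not define the column.
    procid_target: int


def parse_wpm_rows(flat: str) -> list[WpmEvent]:
    """Parse the flattened IoC table into one WpmEvent per row."""
    events = []
    for m in ROW_RE.finditer(flat):
        if m["src"] != m["pid"]:
            # The description and pid columns must agree; a mismatch means a
            # row boundary was mis-detected in the flattened text.
            raise ValueError(f"inconsistent row: {m.group(0)}")
        events.append(
            WpmEvent(int(m["src"]), int(m["dst"]), m["image"], int(m["procid_target"]))
        )
    return events


def classify_edges(events, parent_of):
    """Collapse repeated rows into (source, target) -> (relation, count).

    relation is "self" when a process writes its own memory, "child" when the
    target is a process the writer spawned (the pattern in this report), and
    "unrelated" otherwise. A "child" edge is consistent with injection into a
    freshly created process but is not proof of it by itself.
    """
    counts = Counter((e.source_pid, e.target_pid) for e in events)
    edges = {}
    for (src, dst), n in counts.items():
        if src == dst:
            rel = "self"
        elif parent_of.get(dst) == src:
            rel = "child"
        else:
            rel = "unrelated"
        edges[(src, dst)] = (rel, n)
    return edges


if __name__ == "__main__":
    summary = classify_edges(parse_wpm_rows(WPM_TABLE_FLAT), PARENT_OF)
    for (src, dst), (rel, n) in summary.items():
        print(f"{src} -> {dst}: {n} write(s), target is {rel}")
```

On the report's own rows this yields a single edge, 2168 -> 1920, with four writes into a child. That is the shape of process hollowing or child-process injection, but this section records only the writes: no thread or APC creation into 1920 is shown, and the cmd.exe command line is cut off at the Temp directory, so the intent of the writes cannot be settled from what is on the page. Note also that the child runs from SysWOW64, which tells you the sample is a 32-bit process on this x64 guest.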