Overview

overview

10

Static

static

10

dc166f7090...c7.exe

windows7-x64

3

dc166f7090...c7.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    139s
  • max time network
    102s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-05-2024 04:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe

  • Size

    752KB

  • MD5

    8b284019623fbbb4f3c3531f51d99163

  • SHA1

    55158f83ee688ffc72c43f33fc83ec11f5c30c47

  • SHA256

    dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7

  • SHA512

    535e31cee1c7e642c30e16e38331b4f638f6a7c8a4bad2258f159148c2d972d391e106f1738a14ff47e9f6a163fc8a9877d945a5e97624b55faeb1ee2626afce

  • SSDEEP

    12288:9/kA8UXFh1pHI46A9jmP/uhu/yMS08CkntxYRKA9jmP/uhu/yMS08CkntxYR:9/kAFXFlbfmP/UDMS08Ckn3gmP/UDMSz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe
    "C:\Users\Admin\AppData\Local\Temp\dc166f70908875eeeb4fd19f22c248da486e0c4ff8fa21e455f3a653062acbc7.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4508
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:4360

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Replay Monitor

    Loading Replay Monitor...

    Downloads