65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
08/05/2024, 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe
Size

1.4MB
MD5

4873c4478d6410ad82e6fa58f6955fd2
SHA1

07ed208b831861a9e3647511cd721f288f9099b0
SHA256

65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22
SHA512

abb351db8967398d34c7a0c1f3ae7782c412e094130320e0a79af624cc3fda43fe6a9c576a5905f68b947a6c54ee6918038db068ef21fda0b95bc897e9ac301e
SSDEEP

24576:pBu6DTf8veSCrYmhr89Inxq3FIa6RbkPTvsgWdABPwmHwcDcbI0vnpeCV/h1Xi:pDDTWuBrjx2wuTbjQBdgeDi

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
3000	65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe
3000	65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe
3000	65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3000	65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe

C:\Users\Admin\AppData\Local\Temp\65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe
"C:\Users\Admin\AppData\Local\Temp\65f8e88131825e06eb51de7b4790247eb1a514965756ebbcbcbd89c4eb1b9f22.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\LSBF4D.tmp

Filesize
15KB

MD5
e69d2c26200b14e0270f1a0c62b8712a

SHA1
c4e450743d64e31772b800b65c1e64fedd3c88e9

SHA256
422170900f338182eaac2a321a3314493ac819d61749ae24c30eda887cdb912b

SHA512
83d647ec334fc48175a0cc7419fb99a5db02068ddd1960080c870f2d1a92957d1a0ee9314e85a8f5b7731d33b465d97a7c72ca83390eeabbbeb83e2cbd7a5ee7

Download Submit
\Users\Admin\AppData\Local\Temp\LSBF4E.tmp

Filesize
249KB

MD5
60f374ea7d5cd6b6ad0b4cad3124ac46

SHA1
420f4a975ff9c99da1b85190af5e10817f875775

SHA256
9dc6eaa4dd0d07b8bea2bd4cb5051835b059251c36711f0f003154adf584dcaa

SHA512
8eb4c3acfc9e7daa7970e4f8224be48cd1515335848bfe1e4d6d20467fd6789b39e0136341e67b04f916ef8ada1c113d9602d85d94a311965ed4655b73e64e85

Download Submit