b35965d29269d37c3a33a3a01a1a3b3e07bebc623ccd98e7cc906db20986578a

Analysis

max time kernel
141s
max time network
142s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
08/05/2024, 20:43

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Log Watcher v1.2.5 (Ascended)/Log Watcher.exe
Size

522KB
MD5

c158b70e32bf2c04c52ddc0414ae3280
SHA1

f6f38caf49cd80f4cf865a90bb99c561a01b2bb7
SHA256

f61e24357229b815fb1453b101f9335c92e8ac4d38a728eb370943e55f3c9cff
SHA512

ea071b5bbb1cd24d144613bdf36b62d193b57756b53606801c2cac8d7de0fb98bd00bcba4fbe16887e96933bb8bf5f74c02fa5450446e93c6294712f9b9f5ce6
SSDEEP

12288:IacKESrjkb8jTBsNqpQFQNTkmHvxVcfLCt9Ck7zuWDEpPeL:IacKfsggQNIIx+fLDke5eL

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	Log Watcher.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings	OpenWith.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3272	Log Watcher.exe
3272	Log Watcher.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
3272	Log Watcher.exe
3272	Log Watcher.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3596	OpenWith.exe

C:\Users\Admin\AppData\Local\Temp\Log Watcher v1.2.5 (Ascended)\Log Watcher.exe
"C:\Users\Admin\AppData\Local\Temp\Log Watcher v1.2.5 (Ascended)\Log Watcher.exe"
1⤵
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Log Watcher v1.2.5 (Ascended)\Scripts\AutoReconnect\AutoReconnectSettings.ini

Filesize
286B

MD5
4a23bda56e74afe4157174307eeba3c6

SHA1
2de1718dabfde9e91fc5747eee136166c6d2882e

SHA256
8d94da54874d73305b873a3598d85f2c7f2f37cf39439ed2e67da11de87774b2

SHA512
e9e09463173a1e8117ff29fe1e674822c25db533a3efbfdfc8c3f654f47c3b71c23e6d0080be331e281b80a8cc63274064094381eca1acb0a214453972ce7c81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log Watcher v1.2.5 (Ascended)\settings.ini

Filesize
1KB

MD5
20d7f56482141c931b9841843f3219d1

SHA1
276171ea8bb1358c9a27ea3cf20936771db1ed1b

SHA256
288ab842821230832afeb5b41e0785ced1d8cde247e30e188b0a90b97cf84644

SHA512
a9275a60499167346b9920d81edbbcc6777f111e92718c4758b0c2f0c645672e698a59d41d81b7f899c4c3d993478a3c57c6cdbf6603ec78865fa3f7e605243b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Log Watcher v1.2.5 (Ascended)\settings.ini

Filesize
1KB

MD5
bc74626a053d478a4bd5bfff087f8898

SHA1
6cfa5fd62b2ceaa5548560abe762ca1b36089775

SHA256
c07fd1371ea5d6ea165cbf52af56431805d2cb8396330e07ae63d4525ddb0f71

SHA512
e390309b86ac2f82c6253472e69c6a4630926bcfa9864105927ea2c32660b290c448581838f8a6400ed23546a48a606ce5bd350ff6c02ffaf98a360d3cb194bf

Download Submit
memory/3272-100-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-95-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-98-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-99-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-0-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-101-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-102-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-103-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-104-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-105-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-106-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-107-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download
memory/3272-108-0x0000000140000000-0x0000000140183000-memory.dmp

Filesize
1.5MB

Download