ccde1e5ca7361de1afba811dcce66a197f319d30835fbc6fc5a4f04d2fdca94c

Analysis

max time kernel
17s
max time network
50s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/05/2024, 19:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Microsoft Teams.exe
Size

38.0MB
MD5

78ab71f177026fc716bf37b41e29b55c
SHA1

d155a3a7c4d1cb74a69317ad79270cbb1564a254
SHA256

ccde1e5ca7361de1afba811dcce66a197f319d30835fbc6fc5a4f04d2fdca94c
SHA512

2c0ca70ad1f9e42aaba529e2e680901cdf1c950b4d585c370acf98330ec931ec588091e0ea97c5ef737f041f9d6636456b4c08990a76a93457b154162ba9b358
SSDEEP

786432:5yB/or8dNE3BoqlP5476L9mTxPYgqyZV5ndJ/2Bv:54/o6EiUP5941wryD5nP4v

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Microsoft Teams.exe
"C:\Users\Admin\AppData\Local\Temp\Microsoft Teams.exe"
1⤵
PID:2168
- C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
  "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
  2⤵
  PID:1360
- - C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
    "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
    3⤵
    PID:980
  - - C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
      "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
      4⤵
      PID:1544
    - - C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
        
        "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
        5⤵
        
        PID:4132
      - C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
        
        "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
        6⤵
        
        PID:1304
        
        C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
        
        "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
        7⤵
        
        PID:2156
        
        C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe
        
        "C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe"
        8⤵
        
        PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Phone Link - Copy.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
29.1MB

MD5
5532261ffeab2557e339cfcbfc53e338

SHA1
2638101ed7045a9cb988c1c016b63a36fdc2434a

SHA256
cae83a97d8fa9cb5a10156143077437e7d5190358bd934cc6c930ccd1536a1ae

SHA512
ae2bdbfeb8a56221356fd9144359a7e5537f07ae862e4c4b37f4ff23b2892fe6da56a3017b595857699f3e2847ed78d7ec8156443cf8833c5f060749aef1f0d8

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
29.7MB

MD5
b38c8089694ecdb32b4151b0eb66b01e

SHA1
c73581b18fe6eaa653c144ae7d1678ba6abe710e

SHA256
45ab3948aa9ca2725aef9778a34838709d45b5181b31fc40ca7cd013875a4e7a

SHA512
c7b0dce5e99cbe57d11f9ea890dd7b813d91b32da80ec179b178118771a52a92fbfaba96f226c609195a44a5e34b2497d06ebce42b00f78f020ada1071affdd3

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
13.7MB

MD5
c83bccb90370e43cf4d2fe7eca92c6a8

SHA1
3df2c1bce65e25b0ad1a0ed076ff2495a5e5d1b1

SHA256
fc799a95b7d73238d2dd7ac59d11ce6823c2e4b3956989bacc4085eb181060e6

SHA512
c07b31fe0810fa765df10d01c82ed36bc0cefe87716155e4dc6748289ac913ba963fd8cfe44558acced9526854bd7205a13686c047fd981583c996b0a83a4979

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
8.6MB

MD5
92ec8dfc979d004e696e79887fb432b9

SHA1
3ef7250a78261cfade5e05c931d2cedfe4f1620c

SHA256
72b5e9a663cc5b1363c38ca95b613ad5d34d3f82c47980c99e98e8af47cc087d

SHA512
0063144b3199db03aaf2463df3b5cd644321c1be83c32f7b45fbb9be4760108c09f7e91742f5d750dd8b922cc1525ebc8bd1bcddfd9f3d8eb68a427831304960

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
6.5MB

MD5
7b01a382167dee940fafe896f6db5427

SHA1
59b70838604d3dc7c0f574db587ec2ccaefab171

SHA256
a2e3cf40ef0d9da241db162396d6ba5e2f29d7f89f2a301add6d36d128c5b066

SHA512
710c1b9869c9d8adb43dbc9a386211d3299ef508613e80865d3405deffd6c2f113f7089b29bf6e34e7ced967416a754098cb6ac69e21c4784b11b09a206c4fae

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
4.4MB

MD5
a6c258cd2c5e748a16cfd2d941d605d2

SHA1
f1626dd81558e529d835235c055c697648bb23db

SHA256
5202aed5e83c714246f4e504ec1a23d10cd95d7f7b35ef85904cc9e2fd5034c3

SHA512
1e35afbd961786ab6ee5746551c8e065822b12793c2d02b083b14bbcacd8e75c4ed86786d42ffff65c326057c14b9d008739b28b0b7cf6835883ad9c60a425c2

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
2.9MB

MD5
cc891947d7bfb56710b494568f6873f8

SHA1
64fd4ca3dffbfea9e9d7e2ec1f5c190fb839af40

SHA256
b06dc8e6f2c237088428c1da979ffe1a087341e32a89e613aaa5e05296c3e13a

SHA512
7512cc4612170e69a45e94ca3a2399f55e93eba575f66b3fd6f9f8b7cb7eb8790024370e76fdf082da33c0104731a5a13bc177cbe80a02fea17bc2f85e27a6c1

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
896KB

MD5
579ff685ccd6394c41477921d10aed80

SHA1
78322045e803a3330359709f5b5620be1caf62b0

SHA256
8fac33c35b748689f3941eba2fedc7afb9c8154557e8dbbe8bc5cad887c09d34

SHA512
e7535bba48394c2e163ecc5eee163be54964f25ec91a2288cd4a6ccdfad4f870ed2ba73266a774a339632858ed41de71897121dc1bc3305213e0008d154c8e77

Download Submit
C:\Users\Admin\AppData\Roaming\Phone Link - Copy.exe

Filesize
32.6MB

MD5
5baa3e117c08e6118f4dbcf57f481d1f

SHA1
e769f9dbec35eebbc6458ad49ba14cd162066767

SHA256
fa3933b0c46d6acc91a8b479e81261b0fa2a0fdf4d2ffda6ba5e586eaef90da5

SHA512
02e27cecc51ace63fbf92ebed9179d0c857c198ce53552650c8ab73abac51d95e2388d153262a1eb2720419cd7176143bc59ac7c8bbd466b9b17519349aff371

Download Submit
memory/1360-15-0x00007FFE89DA0000-0x00007FFE8A861000-memory.dmp

Filesize
10.8MB

Download
memory/1360-19-0x00007FFE89DA0000-0x00007FFE8A861000-memory.dmp

Filesize
10.8MB

Download
memory/1360-14-0x0000000000B50000-0x0000000003136000-memory.dmp

Filesize
37.9MB

Download
memory/2168-0-0x00007FFE89DA3000-0x00007FFE89DA5000-memory.dmp

Filesize
8KB

Download
memory/2168-1-0x00000000006A0000-0x0000000002CA4000-memory.dmp

Filesize
38.0MB

Download