Analysis

  • max time kernel
    49s
  • max time network
    35s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17-05-2024 12:50

General

  • Target

    3. Scan network drives/9.1 Finder.exe

  • Size

    125KB

  • MD5

    597de376b1f80c06d501415dd973dcec

  • SHA1

    629c9649ced38fd815124221b80c9d9c59a85e74

  • SHA256

    f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446

  • SHA512

    072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b

  • SSDEEP

    1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId

Score
6/10

Malware Config

Signatures

  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\3. Scan network drives\9.1 Finder.exe
    "C:\Users\Admin\AppData\Local\Temp\3. Scan network drives\9.1 Finder.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of WriteProcessMemory
    PID:436
    • C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
        PID:1224

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads