Analysis
  max time kernel:  49s
  max time network: 35s
  platform:         windows10-2004_x64
  resource:         win10v2004-20240508-en
  resource tags:    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  submitted:        17-05-2024 12:50
Behavioral task behavioral1
  Sample:   3. Scan network drives/9.1 Finder.exe
  Resource: win10v2004-20240508-en (windows10-2004-x64)
  Result:   2 signatures, 150 seconds

Behavioral task behavioral2
  Sample:   3. Scan network drives/9.2 NS.exe
  Resource: win10v2004-20240508-en (windows10-2004-x64)
  Result:   0 signatures, 150 seconds

Behavioral task (sample name not present in the report)
  Resource: windows10-2004-x64
  Result:   6 signatures, 150 seconds
General
  Target: 3. Scan network drives/9.1 Finder.exe
  Size:   125KB
  MD5:    597de376b1f80c06d501415dd973dcec
  SHA1:   629c9649ced38fd815124221b80c9d9c59a85e74
  SHA256: f47e3555461472f23ab4766e4d5b6f6fd260e335a6abc31b860e569a720a5446
  SHA512: 072565912208e97cc691e1a102e32fd6c243b5a3f8047a159e97aabbe302bddc36f3c52cecde3b506151bc89e0f3b5acf6552a82d83dac6e0180c873d36d3f6b
  SSDEEP: 1536:Vc4Kvp6PWy/6oU2cpzLWJst+cYsu0TXSkdlgNPldqxFktvVg49jvvck1y40sWjcu:Vc3GJQ56et+cT7SoeNdqbMfN7TId
  Score:  6/10
Malware Config
Signatures

  Enumerates connected drives (3 TTPs, 1 IoC)
  Attempts to read the root path of hard drives other than the default C: drive.
    description               ioc     Process
    File opened (read-only)   \??\A:  9.1 Finder.exe

  Suspicious use of WriteProcessMemory (3 IoCs)
    description                      pid  Process         procid_target
    PID 436 wrote to memory of 1224  436  9.1 Finder.exe  88
    PID 436 wrote to memory of 1224  436  9.1 Finder.exe  88
    PID 436 wrote to memory of 1224  436  9.1 Finder.exe  88
Processes
  1. C:\Users\Admin\AppData\Local\Temp\3. Scan network drives\9.1 Finder.exe
     Command line: "C:\Users\Admin\AppData\Local\Temp\3. Scan network drives\9.1 Finder.exe"
     PID: 436
     Signatures: Enumerates connected drives; Suspicious use of WriteProcessMemory
     2. C:\Windows\SysWOW64\cmd.exe
        Command line: C:\Windows\system32\cmd.exe /c cls
        PID: 1224