Analysis

  • max time kernel
    74s
  • max time network
    70s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-05-2024 23:02

General

  • Target

    Hook.exe

  • Size

    446KB

  • MD5

    28535711673ba8e4251327e0c5dcb04b

  • SHA1

    2f4005a8acadbcae06f472a7b171835337ab2c63

  • SHA256

    b4a70be15508ac80e7bac8970376919e2a12e3a2e5627c1587c362e0a2cb30de

  • SHA512

    84d4050bd97e2f0db490988f801d0a81041ac989c0627a69d52a175e4d9e12ab1304e501e20ad10a237fa25c3d592b490ec6a25e19b4baf12fea7c39c30cd407

  • SSDEEP

    6144:enCJxbwrfRrxTKCQhf5erJegNhxvDuiAe9YQU1jVdglRNfn7Tvh5XGZa64RS9Rjo:eCjMrfchxmsBjVdgJfnrG0Rhgu89A

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Hook.exe
    "C:\Users\Admin\AppData\Local\Temp\Hook.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3152
    • C:\Windows\explorer.exe
      "C:\Windows\explorer.exe"
      2⤵
        PID:2460
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c start C:\Windows\System32\dxd32s.exe
        2⤵
          PID:2364
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c start C:\Windows\System32\dxd32s.exe
          2⤵
            PID:4024

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads