15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 15:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.exe
Size

807KB
MD5

cbd186aae10955ac7d1aed5d5209cc06
SHA1

3480fc28d024564e4093c9fb5358d5280441dcde
SHA256

15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087
SHA512

f643938f6144af0c1d4be72cde71ceb8a7c279aa6a520855ecf6405438d318f059f85cb6f883020fa7e20650ba4de8f588d15c5e6095c811e6f2f93b563a7920
SSDEEP

12288:ZaWzgMg7v3qnCiiErQohh0F4pCJ8lnyOQwlsZk03iGFRm:4aHMv6CCrjlnyOQ9q0SGm

Score

10^/10

evasion

Malware Config

Signatures

Modifies security service 2 TTPs 1 IoCs

evasion

Modify Registry

T1112

Windows Service

T1543.003

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\wuauserv\Start = "4"	15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4708	15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.exe

C:\Users\Admin\AppData\Local\Temp\15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.exe
"C:\Users\Admin\AppData\Local\Temp\15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.exe"
1⤵
- Modifies security service
- Suspicious behavior: GetForegroundWindowSpam
PID:4708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\15d11801dc9e4c7ebe6b4a8b013a0d226ed91e182742c9ba7085bd3051883087.ini

Filesize
2KB

MD5
193e7fd84117988dee93b5f70df51f8a

SHA1
9748ec5c59453b33e17975e37fd58f982fb4e232

SHA256
ad6945632a972ec73ac4f80ce88e122d003ae05d27cdc8bd9c0a8f99a3c8c2b2

SHA512
2936df8daa4bc116b8c32f4ed2e59224734aa7a821e5e2c22cb15adbe025995b73e5da1af4299c5bf654b3c87414608879c54483e32dab29d652c51be50d1207

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads