5fe76cc7e22b4b79f1a46e0181531e89a2e2029de1532a92a255560917bcdffd

Analysis

max time kernel
92s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
02/06/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Terminator Resistance Promo.exe
Size

5.7MB
MD5

9a57a82b01f2ed2843fb99d7d92f50a5
SHA1

7aee2d9646779523b76a818119c39c8df18f522a
SHA256

2f4fab7595bfdff5794cd7c9433749b4d90039e118a61094aea744ca8ec64c12
SHA512

1865753e55584140e5d39f73aecab4d8d93a11d9c936826c538030ce94aeab485bd42ca30656dc5bac34c49d8d2bb98b29b7969f903780b2f8af38a2ecf0b849
SSDEEP

98304:tDfmQ8iOP7Cl3SQI+rB4H5LUPQ/s7DGnPpukS2nhwJshcku5IjNxzLrS+CPurts/:trmZiOTClCQ3BE5LKQ/uGnxlSywfkgIw

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2596	Terminator Resistance Promo.exe
2596	Terminator Resistance Promo.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\Terminator Resistance Promo.exe
"C:\Users\Admin\AppData\Local\Temp\Terminator Resistance Promo.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:2596

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2596-0-0x00007FF646DD0000-0x00007FF647D6D000-memory.dmp

Filesize
15.6MB

Download
memory/2596-2-0x00007FFD79E0D000-0x00007FFD79E0E000-memory.dmp

Filesize
4KB

Download
memory/2596-3-0x00007FFD79D70000-0x00007FFD79F65000-memory.dmp

Filesize
2.0MB

Download
memory/2596-4-0x00007FFD79D70000-0x00007FFD79F65000-memory.dmp

Filesize
2.0MB

Download
memory/2596-1-0x00007FF49AC30000-0x00007FF49B001000-memory.dmp

Filesize
3.8MB

Download
memory/2596-5-0x00007FFD79D70000-0x00007FFD79F65000-memory.dmp

Filesize
2.0MB

Download
memory/2596-10-0x00007FF646DD0000-0x00007FF647D6D000-memory.dmp

Filesize
15.6MB

Download
memory/2596-11-0x00007FF646DD0000-0x00007FF647D6D000-memory.dmp

Filesize
15.6MB

Download
memory/2596-13-0x00007FFD79D70000-0x00007FFD79F65000-memory.dmp

Filesize
2.0MB

Download
memory/2596-12-0x00007FF646DD0000-0x00007FF647D6D000-memory.dmp

Filesize
15.6MB

Download
memory/2596-15-0x00007FFD79D70000-0x00007FFD79F65000-memory.dmp

Filesize
2.0MB

Download
memory/2596-16-0x00007FF646DD0000-0x00007FF647D6D000-memory.dmp

Filesize
15.6MB

Download
memory/2596-17-0x00007FF49AC30000-0x00007FF49B001000-memory.dmp

Filesize
3.8MB

Download