Analysis

  • max time kernel
    93s
  • max time network
    124s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-06-2024 01:29

General

  • Target

    6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4.exe

  • Size

    1.8MB

  • MD5

    b53f4a29e8f17c661eff669b55504b59

  • SHA1

    d478161c439a2455370644ad9cd0bed4ed743ab5

  • SHA256

    6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4

  • SHA512

    f7a0669a86a4f02a02b59954ea6826e0ecc36f1570e0eea0b9cb6ecd58e9f29edd2c107235353c513088cd299648bb0285d2aaf5b3171beafce9bfb084a1dea8

  • SSDEEP

    12288:0J3svJVRIliHZF/ESrnE46A9jmP/uhu/yMS08CkntxYR:ysvJvuiHZFPn3fmP/UDMS08Ckn3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4.exe
    "C:\Users\Admin\AppData\Local\Temp\6cffe7a63ec7e31aee6425c2c6ea5259f16c9e817b4bafbd3a8d8283f86d84d4.exe"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1168
    • C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
      2⤵
        PID:3248

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads