42bade939e857ea77115468322754b8aa8eda2ddd73e207fa6c67325e8355ed1

Analysis

max time kernel
145s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 04:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpeedSploit.exe
Size

2.1MB
MD5

a12236f4a8672b59e2092bf7da1cadee
SHA1

a05c91e121dff8728e882c8da266f0a602ccf1cd
SHA256

42bade939e857ea77115468322754b8aa8eda2ddd73e207fa6c67325e8355ed1
SHA512

eaa0a2c2188bc90ddff4192888c7020f38f9e821ad949b017927402236ae0ad725857588c09e43c62b296d2b8e22d9f80634e79d50bed5a1e69c0b49250b49ba
SSDEEP

49152:MJUxwFPrrLo1/B9ypE70nRsWRgkVBJ/+:MJXt/L6/BMpDRsWukVn+

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	3148	taskmgr.exe
Token: SeSystemProfilePrivilege	3148	taskmgr.exe
Token: SeCreateGlobalPrivilege	3148	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1136	SpeedSploit.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe
3148	taskmgr.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4180	SpeedSploit.exe

C:\Users\Admin\AppData\Local\Temp\SpeedSploit.exe
"C:\Users\Admin\AppData\Local\Temp\SpeedSploit.exe"
1⤵
- Suspicious use of FindShellTrayWindow
PID:1136

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3148

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\SpeedSploit.exe
"C:\Users\Admin\AppData\Local\Temp\SpeedSploit.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\OS.dat

Filesize
242B

MD5
48d3c4d4cdc791b3c3e5b4432c3ea0ba

SHA1
3f840e5554cf797254550d702644d51c17576a33

SHA256
38f778cbb7aa3d52f7fd5ab5ccf30b25962a6a5fecdff6efbb10501829459ca5

SHA512
65240bafbb3e86c7c7b99cddeac7b3b202562b99506b458980fd8c1437ed560ca56bc446adc62a0cce397e1451b81b531d9dd6baf145664cfc2d55efda5cace7

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\SC.dat

Filesize
986B

MD5
c09a94c606de0443f36b280a35b65025

SHA1
97c3bf724d9c75aa801ebf99384f109a17c61988

SHA256
6501275cd0b45aa8e1459a4e97fe7eda94affc4fe30d3352f1b236fda710bff3

SHA512
5129da5198e316c04d68aa3b10935e0eeecb86707e96183facad438439933f2f213715b1b3019680cbb92f17e0dc73a3f529efcfa0249f8ddb0133e78a41af9e

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\default.ifl

Filesize
2KB

MD5
2922d0c758d9c3c10cbdc59f91979d0c

SHA1
feb69bdf58d06cca776db63036811af0764ca013

SHA256
20f6d12eac29bd6ddc6a99dd276c5e200fac25c976ab4293195b58ec164c253f

SHA512
d15e888bae4e23ce5d61becc3c47d9b5f61fbbe4612cf90677314570fe1df1f4fde6c519b789ad46cc50d19c2b3701bc9bd968e85bb618fb7127950d4ae92695

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\headerImage.dat

Filesize
105KB

MD5
f7f93099bf431a55cb41cb96506a07ca

SHA1
c6011d574b4f91b501f02e32ef7ec85838a39b03

SHA256
4f6073513e67aa82846b6633e569fb4464bcb358cf1f87ad241cf9d93581eaa7

SHA512
79b202540b5d6bb4ff0023249944e49ca248cca3eee335cba0f3047743c0bf2c366de08ea5de41a9efe75cddd0ce4cdc9c73ebea787fd97e784a4ff2b92abf11

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\licence.rtf

Filesize
155B

MD5
554474cedff9c44f173dbb0591a6dc62

SHA1
ec75120c62a20fdb9c271a16f57fa0eff39c6697

SHA256
d090c7c7b17cc919abab0121c8b7b2ffb69ae514575123ea71490ff3cf4071bb

SHA512
918cf8fb4a80006f2a93bc6509080800763b50eb7e0caa625bca135a20c6fd3965f003684b2e8da1bd3d17db7b776edacd27807fbafef05d6d3b2f701a37a93a

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\setupArchive.archive

Filesize
32B

MD5
c995c0f4c984235e4437846f8f7ecabc

SHA1
7a56a57667930b32782d99c4507298b756020f43

SHA256
6491d66cd094d06a9d871b9a8c0f799103e35f4b342b6f9e3b6ff4f475af171d

SHA512
82134b910294efdb6a6d56bd1778f053f8a1a2e8dbe3872fdf352174d3c708b0a6f9fc4a2c82f6a6a385df86bf44d24e5554d937ed7b8c51b6ffb05123ad7c2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\setupConfiguration.archive

Filesize
1.2MB

MD5
724a4d86df4294876f80d92a7104b8ce

SHA1
cccbf7f47e816d5ee91a294e1523534629f909d0

SHA256
289b7f5724e5242b1aea6a789531742f12dcc587e8b4dc68309cdb7a11d64565

SHA512
8e7dda7a03739111cd0960e9a08b5517fdc01aa651bbcd439c60250aa4e69f32498f46b26cd1b8cc759b800d31c056e0317ae5f191bee6d361e105752f33bb74

Download Submit
C:\Users\Admin\AppData\Local\Temp\IF{F9E4076C-3944-4805-8F32-BE4C7EA0A8D5}\wizardImage.dat

Filesize
1.1MB

MD5
02ca1e40cb329c0314c1ed98d90e6e1b

SHA1
d27dee6f16d122adedc863820709f668e1d13ba8

SHA256
c04dd5be5398c17076c4d6f0a458e18868153aaa20ccda40c6db85d6902aafa1

SHA512
4a53242886c910fb1030f5b1718d6da78fbf8cbba0754868fe122730475a0750888ede5094a999e91755d77bc2bf2845e865c1732c61acd0fe30ffd1f4c12591

Download Submit
memory/3148-44-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-39-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-40-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-41-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-42-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-43-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-35-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-45-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-33-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download
memory/3148-34-0x00000203871D0000-0x00000203871D1000-memory.dmp

Filesize
4KB

Download