72395ec1a48758a005d052d72fde286c083be13110308fdc4216bd8e9c325de7

Analysis

max time kernel
43s
max time network
62s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
11-06-2024 19:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

988.exe
Size

2.1MB
MD5

8eadcc4d69631ce1252201d164bff08c
SHA1

364278c807838bf3d75001c72bffa9b00bb42dd6
SHA256

54334afc530f334754ec13761319c8ef536fc644fcd33e5c405ba4aedb8fd90b
SHA512

97fa9dfd9444f711a31c6d017d00151664c8e1e7bc6cc157d55bb59ae13e0d453d1475b82ce6b577b7b3ad448df989550f7594283f016877cda0c8324fd84b6a
SSDEEP

49152:TF4qX74X0XrtpUePzKtA+F3l7BPAeYKHdj/PAHD1QCizINk/Sap19W:a874X0JpUePzV+xl79AeYKHdj/PGDAIC

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4628	988.exe

C:\Users\Admin\AppData\Local\Temp\988.exe
"C:\Users\Admin\AppData\Local\Temp\988.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4628-2-0x0000000010000000-0x0000000010024000-memory.dmp

Filesize
144KB

Download