Analysis

  • max time kernel
    148s
  • max time network
    100s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    12/06/2024, 04:54

General

  • Target

    ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe

  • Size

    8.6MB

  • MD5

    105a2ba8b5d9979c2c9a899e689af728

  • SHA1

    866877c474881caba02cd309db1af1846028f702

  • SHA256

    ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a

  • SHA512

    d6e97e7cf7fb68c7ac5a0e27a14effc7af4ed0279723b9f4d1eaee086e7526774f7915ae887d687bd5a36eef3884ee5bff2756dc6b40562c2afb3b2f0a95cffd

  • SSDEEP

    196608:7AZ/zoE95QUyL0L6p9hdYWZbi8aH0qTos8ouEXTCw1FH7J8Z:7AZkE9G46PhdYou8iBT41EX+w1FHuZ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe
    "C:\Users\Admin\AppData\Local\Temp\ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1316
    • C:\ÈÈѪ´«Ææ\ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe
      C:\ÈÈѪ´«Ææ\ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of SetWindowsHookEx
      PID:3980

Network

        MITRE ATT&CK Enterprise v15


        Downloads

        • C:\Users\Admin\AppData\Local\Temp\f9100498b1e6c535f67d605e12c9515a.txt

          Filesize

          12B

          MD5

          6837724c314d40567b48f77e84c4a1fe

          SHA1

          fe40871082304b3876ee4aee6b3a6b67d9ad7e13

          SHA256

          8feeb29152b7a1ff207f5db2e48a383f118faed4f5e4cf3f7105122f14b3093f

          SHA512

          69009beb3b26a43f4c5d87497b7910bec5124fcaef5933b32290cd2139527dc4a892f85082ce2f5f5cb4f03ccc7048746f9b67034c66986bde0746fc740a9a81

        • C:\ÈÈѪ´«Ææ\ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a.exe

          Filesize

          8.6MB

          MD5

          105a2ba8b5d9979c2c9a899e689af728

          SHA1

          866877c474881caba02cd309db1af1846028f702

          SHA256

          ee0230b62df2e4b6ec5e3528620b7ceee6735fed15387d21c5f8feaad122835a

          SHA512

          d6e97e7cf7fb68c7ac5a0e27a14effc7af4ed0279723b9f4d1eaee086e7526774f7915ae887d687bd5a36eef3884ee5bff2756dc6b40562c2afb3b2f0a95cffd

        • memory/1316-18-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/1316-5-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/1316-4-0x00000000004F9000-0x00000000004FA000-memory.dmp

          Filesize

          4KB

        • memory/1316-1-0x00000000001C0000-0x00000000001C3000-memory.dmp

          Filesize

          12KB

        • memory/1316-20-0x00000000001C0000-0x00000000001C3000-memory.dmp

          Filesize

          12KB

        • memory/1316-0-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-13-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-12-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-16-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-17-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-24-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-25-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB

        • memory/3980-27-0x0000000000400000-0x0000000000948000-memory.dmp

          Filesize

          5.3MB