e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d

Analysis

max time kernel
144s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
12/06/2024, 05:06

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe
Size

400KB
MD5

a3c00dcdf695da8d53b1a2dc4f381b53
SHA1

c6a443d1a952b191d2a744ee75495c53ef76abee
SHA256

e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d
SHA512

aa5124273c6af7aced53972afb69b111635f8f4c961ef3baa26bc83c98cf6f1381d1359f9516b6631389ad28e7397b8da522db15f9ae9a112900121baf8cfe52
SSDEEP

6144:Mxhea3V0aOm5fkQDD+tNul4ud6QjMIp048iJ0mNsar1Japwfrq8kriO:MxheyiaOzmwuWuVM48fdqJa+Gr

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe
2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1752	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	28
PID 2180 wrote to memory of 1752	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	28
PID 2180 wrote to memory of 1752	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	28
PID 2180 wrote to memory of 1752	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	28
PID 2180 wrote to memory of 2836	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	30
PID 2180 wrote to memory of 2836	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	30
PID 2180 wrote to memory of 2836	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	30
PID 2180 wrote to memory of 2836	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	30
PID 2180 wrote to memory of 620	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	32
PID 2180 wrote to memory of 620	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	32
PID 2180 wrote to memory of 620	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	32
PID 2180 wrote to memory of 620	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	32
PID 2180 wrote to memory of 1124	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	34
PID 2180 wrote to memory of 1124	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	34
PID 2180 wrote to memory of 1124	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	34
PID 2180 wrote to memory of 1124	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	34
PID 2180 wrote to memory of 2228	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	36
PID 2180 wrote to memory of 2228	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	36
PID 2180 wrote to memory of 2228	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	36
PID 2180 wrote to memory of 2228	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	36
PID 2180 wrote to memory of 2936	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	38
PID 2180 wrote to memory of 2936	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	38
PID 2180 wrote to memory of 2936	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	38
PID 2180 wrote to memory of 2936	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	38
PID 2180 wrote to memory of 664	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	40
PID 2180 wrote to memory of 664	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	40
PID 2180 wrote to memory of 664	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	40
PID 2180 wrote to memory of 664	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	40
PID 2180 wrote to memory of 1504	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	42
PID 2180 wrote to memory of 1504	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	42
PID 2180 wrote to memory of 1504	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	42
PID 2180 wrote to memory of 1504	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	42
PID 2180 wrote to memory of 1724	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	46
PID 2180 wrote to memory of 1724	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	46
PID 2180 wrote to memory of 1724	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	46
PID 2180 wrote to memory of 1724	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	46
PID 2180 wrote to memory of 1536	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	48
PID 2180 wrote to memory of 1536	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	48
PID 2180 wrote to memory of 1536	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	48
PID 2180 wrote to memory of 1536	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	48
PID 2180 wrote to memory of 1908	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	50
PID 2180 wrote to memory of 1908	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	50
PID 2180 wrote to memory of 1908	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	50
PID 2180 wrote to memory of 1908	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	50
PID 2180 wrote to memory of 1820	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	52
PID 2180 wrote to memory of 1820	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	52
PID 2180 wrote to memory of 1820	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	52
PID 2180 wrote to memory of 1820	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	52
PID 2180 wrote to memory of 852	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	54
PID 2180 wrote to memory of 852	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	54
PID 2180 wrote to memory of 852	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	54
PID 2180 wrote to memory of 852	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	54
PID 2180 wrote to memory of 2940	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	56
PID 2180 wrote to memory of 2940	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	56
PID 2180 wrote to memory of 2940	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	56
PID 2180 wrote to memory of 2940	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	56
PID 2180 wrote to memory of 2184	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	58
PID 2180 wrote to memory of 2184	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	58
PID 2180 wrote to memory of 2184	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	58
PID 2180 wrote to memory of 2184	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	58
PID 2180 wrote to memory of 1652	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	60
PID 2180 wrote to memory of 1652	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	60
PID 2180 wrote to memory of 1652	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	60
PID 2180 wrote to memory of 1652	2180	e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe	60

C:\Users\Admin\AppData\Local\Temp\e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe
"C:\Users\Admin\AppData\Local\Temp\e8839f3fb3ae74430289d858ba3e7665011da0866dbb22c2ec89cbe39f508d1d.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1752
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2836
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:620
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1124
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2228
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2936
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:664
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1504
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1724
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1536
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1908
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1820
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:852
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2940
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2184
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1652
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1292
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:3048
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2076
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2776
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:1740
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2804
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2692
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe
  2⤵
  PID:2536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\ColorConsole\ColorConsole.ini

Filesize
44B

MD5
00c458004df4b2bb7f23860df1d90bea

SHA1
96b2461a6c4fcd55dda02344f59a99336a85e278

SHA256
dc8c9a6c147194c3520ea3bf44a47b38068f9daab1ca3f7090a5bf9fae90edd5

SHA512
dda488809ea6966b330bd6bb9b671fee73bc4f86fd647737f3f808f7f5a88de375e170899b8e0b80f2d2d6d637d7b0331f860d265a05a2d9084ccdb82c448994

Download Submit
C:\Users\Admin\AppData\Roaming\ColorConsole\ColorConsole.ini

Filesize
85B

MD5
8c33f5c5591cde0101834fda63cc1a23

SHA1
161d0384ee8000419208f592697deeab2dc59e2f

SHA256
5a303795980f702f6301993bbc790a84b909143391f8d7c4d001420d27f680bc

SHA512
23d1752510b91b0e29acc2d57c11e25199eefd30cb0a70fc0f8ecaa5f4214e05fb223087552a18cd9a13e634c8c483a4ef6ceace02b398925090ae62ba01b96e

Download Submit
C:\Users\Admin\AppData\Roaming\ColorConsole\ColorConsole.ini

Filesize
25B

MD5
71bfa4b1b2a2049befa50a86463a014f

SHA1
8ca6218c1f92b40da01501e18786cc2724e4c769

SHA256
a4683279940ca2ea6c25b63f07f41d7e2eab4ac3246ff57c8c771e7c923abd29

SHA512
574ccbc6a9387eed4e74af3e06a5023db1f74e24a8a9f3e9a96bee77483c3e5da257df4ff7976f7e389f51ec9ca89c56b103186fe499f5f3839738cafe657735

Download Submit