Analysis
max time kernel: 142s
max time network: 119s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64 arch:x86 image:win7-20240419-en locale:en-us os:windows7-x64 system
submitted: 13-06-2024 01:10
Static task: static1
Behavioral task: behavioral1
Sample: DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
Resource: win7-20240419-en
Behavioral task: behavioral2
Sample: DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
Resource: win10v2004-20240508-en
Behavioral task: behavioral3
Sample: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~EMRT6633hdql.dll
Resource: win10v2004-20240508-en
General
Target: DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
Size: 125.9MB
MD5: a271992265ba87e99536059255b1d5ee
SHA1: f093c39d2cfc7b1f0bb78bc6e82a5154ac2eaea2
SHA256: 3687ce1b0865f1c821d471d3f85b8403b5cfd127f807bb1f3aa9cd2fef7db4d9
SHA512: cfbec8e0ec5ca73bb0e8e68997c5ab52932a135dceb47ea2117d9c96b4d6b6b3d8608900ddac99979e8d034451f71d459658fc4bc66c0d1e360efc5e53c0fe1d
SSDEEP: 98304:5qgAhmsJqcnZQ4RpKtHyBGKQ1kz4kiDC8KM7q55etk0O9W1l:JArlgxKRJiDC8KM33O9W1l
Malware Config
Signatures
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of SetWindowsHookEx (4 IoCs)
pid   Process
2424  DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
2424  DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
2424  DAT#OS#ELEKRVHIINOX_FISCALlauy.exe
2424  DAT#OS#ELEKRVHIINOX_FISCALlauy.exe