Analysis

max time kernel: 118s
max time network: 118s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 21-06-2024 00:50
Behavioral task: behavioral1
Sample: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Resource: win7-20240508-en

Behavioral task: behavioral2
Sample: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Resource: win10v2004-20240508-en
General

Target: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Size: 3.8MB
MD5: 9e528fff92ecef5e11831a67464ecc92
SHA1: 646380e570a620fb8195337ba6d7e5dee81d6792
SHA256: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a
SHA512: d8864baa557ff571346a923873c7baa6904c0c029493a90d73f28b706ee4e8b62d6ef41b4595e6e497007aa921311eb358e0433b052afc144e8c632c5cf5a5fe
SSDEEP: 49152:s9DzwXsPS4TgWAjWWCsVb6KUpZ+hDg1F2d6nOb+s8KuqGaX0ToIBAUZLYqz:sQ8PS40WAjW5SbWf+YFCmDJBAUZL9
Malware Config
Signatures

Enumerates connected drives (3 TTPs, 23 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
Processes: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe

description              ioc     process
File opened (read-only)  \??\B:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\H:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\I:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\M:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\E:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\N:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\O:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\P:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\R:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\Z:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\A:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\T:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\U:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\X:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\Y:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\S:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\V:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\W:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\G:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\J:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\K:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\L:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
File opened (read-only)  \??\Q:  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Suspicious behavior: LoadsDriver (4 IoCs)
Processes:

pid   process
476
476
476
476
Suspicious use of AdjustPrivilegeToken (2 IoCs)
Processes: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe

description                        pid   process
Token: 33                          1068  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Token: SeIncBasePriorityPrivilege  1068  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Suspicious use of SetWindowsHookEx (2 IoCs)
Processes: 8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe

pid   process
1068  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
1068  8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
Processes

C:\Users\Admin\AppData\Local\Temp\8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe
command line: "C:\Users\Admin\AppData\Local\Temp\8e77176e55a7244b70a9273fb75ecac80974d47386c7f346e7f5d315b4574e4a.exe"
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1068