839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a

Analysis

max time kernel
51s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/06/2024, 12:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Size

2.9MB
MD5

e96192df32f90a8602d927e3fda29533
SHA1

e257becc8c8be4cd7523f3359735b32b70b54b26
SHA256

839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a
SHA512

c5755a0086194d7b7398500b0d46fda3cd5605ab6ed1e349626c6895256828d7722bc9c67960c7fb89016314e8434bbf1907a85bc6cece33405e387caac8c8f1
SSDEEP

49152:VCLMOUfG6RTcrQ+0pFLhCTDeYgDkciW5+sSVjTGEcFEvitvN:VCgO0P/+0DLhiAIo5cVjTGEtvitvN

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 18 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
Key created	\REGISTRY\USER\S-1-5-21-3558294865-3673844354-2255444939-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
216	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
216	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
216	839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe

C:\Users\Admin\AppData\Local\Temp\839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe
"C:\Users\Admin\AppData\Local\Temp\839781249c6d5934aea7d5093aa584f97c3cbcf4d1beed28c5c108efe09f9e8a.exe"
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/216-0-0x0000000000400000-0x00000000006EA000-memory.dmp

Filesize
2.9MB

Download