Overview

overview

9

Static

static

9

a528b889c1...dc.exe

windows7-x64

9

a528b889c1...dc.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    150s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    29-06-2024 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a528b889c14531fffce99547457a1edbd1db80528ebed8bfa51abfee0129a9dc.exe

  • Size

    13.0MB

  • MD5

    e414cf942984553fcc1b1d69926dbe59

  • SHA1

    57cc5f01a9e29942100c0a2f49c9eb72ead14eb8

  • SHA256

    a528b889c14531fffce99547457a1edbd1db80528ebed8bfa51abfee0129a9dc

  • SHA512

    7253c0e2031bdec89b8ab7764882ba7f11172db6d313479f1fd92d4bdb80dc310577b8d257582071f6610ebc8b2f3c03f55d14d7df2eabfa0b1a8acb11a657e9

  • SSDEEP

    196608:f4HKDQBKkXy+XIt815j5tDobSUFQmvYUylab6cqz9oJb7n:faK0BK+tvj5t0ZFQmvYFm+9oJfn

Score
9/10
oss_ak

Malware Config

Signatures

  • detect oss ak 1 IoCs

    oss ak information detected.

    oss_ak
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Suspicious use of NtSetInformationThreadHideFromDebugger 37 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a528b889c14531fffce99547457a1edbd1db80528ebed8bfa51abfee0129a9dc.exe
    "C:\Users\Admin\AppData\Local\Temp\a528b889c14531fffce99547457a1edbd1db80528ebed8bfa51abfee0129a9dc.exe"
    1⤵
    • Enumerates connected drives
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    PID:2184

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

3
T1012

Peripheral Device Discovery

1
T1120

System Information Discovery

3
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/2184-0-0x0000000000400000-0x000000000101D000-memory.dmp
    Filesize

    12.1MB

    Download
  • memory/2184-1-0x0000000074E40000-0x0000000074E87000-memory.dmp
    Filesize

    284KB

    Download
  • memory/2184-503-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-504-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-512-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-510-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-508-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-506-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-514-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-520-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-530-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-540-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-552-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-516-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-538-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-564-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-562-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-560-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-558-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-556-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-554-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-550-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-548-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-546-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-544-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-542-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-536-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-534-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-532-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-528-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-526-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-524-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-522-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download
  • memory/2184-518-0x0000000002F70000-0x0000000003081000-memory.dmp
    Filesize

    1.1MB

    Download