c27858ada291ddb62d565b040a801988ce62f73b2640b6f7c7fe593084e7d320

Analysis

max time kernel
140s
max time network
127s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/07/2024, 07:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4172.exe
Size

2.4MB
MD5

baa5e3537bea728d1bac335ddedcd23b
SHA1

30327e6b8db08aa389d476e50f8859e9943912ff
SHA256

45ff3eecd521a94e03871dd4d42224fd1baa5f154391f6b0dfde779bb2a6a5af
SHA512

1df0deae706c1977a4aeacf1cd8c233506c6ad6b10976560baeca0be8b43f7723cc4970d0119940c947cee853b7810fc99b5e36b1e44cb4dfebca79383ab198d
SSDEEP

24576:5elo5jh+9b8SL1lAdL5+FPI3YqOcHQSFablTmVfjxquGjHneFUJfKYq9BdnxoUKf:Ul+h+1qs0Y/BTmGuGjHnevYgn2SY

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2756	4172.exe

C:\Users\Admin\AppData\Local\Temp\4172.exe
"C:\Users\Admin\AppData\Local\Temp\4172.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2756-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2756-1-0x0000000000400000-0x0000000000640000-memory.dmp

Filesize
2.2MB

Download
memory/2756-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download