41f31735277d92b74799a03df68d5daf9f0ca5cff6659db78d85ccdc2da73f01

Analysis

max time kernel
121s
max time network
162s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2024 17:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

smskb20100920.exe
Size

1.1MB
MD5

e24b4f5fc99386c40a71d4c3a854794c
SHA1

99f767c6fd68904e796fea37d7fd8934d8731392
SHA256

6663290042262b9687d06339c785e376cef17ab068d4bf5912e0530d43fca567
SHA512

1979e243827d195646efd67c98a9aa7935ebd7715af3172516e7a92b28fd4ec4775e35e881983cca6bb73fb0cb0644e9750a29037861f10e1dc48004dda02ca9
SSDEEP

24576:Wyq72yrRsywzO/gkFOCCQ9qn3Xy8554CgAT1co3Dp3Pw1iqq980yI6S8b6c3:dA/wKItCCQkHV554pMc03IAqU80yyej3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1292	smsk.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1292	smsk.exe
1292	smsk.exe
1292	smsk.exe
1292	smsk.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4148 wrote to memory of 1292	4148	smskb20100920.exe	85
PID 4148 wrote to memory of 1292	4148	smskb20100920.exe	85
PID 4148 wrote to memory of 1292	4148	smskb20100920.exe	85

C:\Users\Admin\AppData\Local\Temp\smskb20100920.exe
"C:\Users\Admin\AppData\Local\Temp\smskb20100920.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4148
- C:\Users\Admin\AppData\Local\Temp\smsk.exe
  C:\Users\Admin\AppData\Local\Temp
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\c.txt

Filesize
1B

MD5
7215ee9c7d9dc229d2921a40e899ec5f

SHA1
b858cb282617fb0956d960215c8e84d1ccf909c6

SHA256
36a9e7f1c95b82ffb99743e0c5c4ce95d83c9a430aac59f84ef3cbfab6145068

SHA512
f90ddd77e400dfe6a3fcf479b00b1ee29e7015c5bb8cd70f5f15b4886cc339275ff553fc8a053f8ddc7324f45168cffaf81f8c3ac93996f6536eef38e5e40768

Download Submit
C:\Users\Admin\AppData\Local\Temp\ggxs.htm

Filesize
2KB

MD5
fa707f1ff0bfcf4f19d7cced296607ab

SHA1
44f92dccda5e86b770776151a6296900f1631a5e

SHA256
9f978fd4d6d447d887be26571d031f30d29969b78df219a027f86939ed2ccb18

SHA512
9fa01469a51772d475960eb56892a43dfcf6f12d8737def6d1835d931e0234a2d5cdd619b712dd6fd6e0b5499a86a84f8219e79c744a858644d621663f0c8902

Download Submit
C:\Users\Admin\AppData\Local\Temp\smsk.dll

Filesize
2.9MB

MD5
ba2773eb75da7c7656096c8a3e1e9bee

SHA1
b07c2e3266040cd00d899f067711c474a1e03d94

SHA256
eb9211f25ecdaba1b98284b27e525fee0989d51fb40e96a2e8bfbd0617d62f5d

SHA512
989450ae8f17cb503142de5c976e9974a7d0acbd0e5bc3d0f73fc32e3d47fc74825dadea2946946d117836f0682840133f86f1666d5f97c107e407eeec4016aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\smsk.exe

Filesize
1.3MB

MD5
1ad513450db877255b86d3e2da91c689

SHA1
839bd314e3f56f0a80a9fbd5fbce59ac4f23c637

SHA256
8196c37f62f86b509173cd5a9571334f42da92237964704c62f11ffcdacae804

SHA512
6c8752c949a2d9bb89058de451091bb55d93fa6a9875ade9544e44e843a4654a0f9b13e6b4dd71c3e8f86f04bb35b0b52b10951a89023edf8fe72eb4e5afeed1

Download Submit
memory/4148-0-0x0000000000400000-0x00000000009E6000-memory.dmp

Filesize
5.9MB

Download
memory/4148-1-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4148-2-0x0000000000400000-0x00000000009E6000-memory.dmp

Filesize
5.9MB

Download
memory/4148-8-0x0000000002780000-0x0000000002781000-memory.dmp

Filesize
4KB

Download
memory/4148-15-0x0000000000400000-0x00000000009E6000-memory.dmp

Filesize
5.9MB

Download
memory/4148-16-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download