981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a

Analysis

max time kernel
144s
max time network
123s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
19-07-2024 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
Size

1.1MB
MD5

350b7d586d2f4a9376eb7ff9f05e238d
SHA1

8e6f0e607857d09bc941445a4ea974ce862cbf33
SHA256

981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a
SHA512

f90529a0a8407b50396d822876d147047b20d48f6e2a72834c245ceeed84b6788266fc491e33fdca2f435c02106581f68246bdf92b3ae8c00bdcec2f5e00d50a
SSDEEP

24576:reoLkFYvlvFqsAzTt3W/bg9yDQT6sB8vyS1fQOc8dCeNzCm:ZLKABdABW/bYAQZS6SBoPSCm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2564	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2564	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
2564	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe

C:\Users\Admin\AppData\Local\Temp\981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
"C:\Users\Admin\AppData\Local\Temp\981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

Filesize
2KB

MD5
e378c5d07303fc8618b2a922972cb62b

SHA1
bb4cb496d400f0cf073d86b5bc1ff9601897ff8a

SHA256
994a95b6ad99f3b1777c37ab18306ccdeb75d3543afd27d015d0098115feb2b6

SHA512
45e492bc66bd8155204419be3b6976b6bb652ba30b69a66fca3f495ccb70d9ac3faa796925a047c329075d4ce70b925a96c15a271991b235906d55fcb3698fcb

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

Filesize
3KB

MD5
1ff229a193cfd5145eeed552564c7b09

SHA1
36f071372e2cb599a4a6c397b60fff00bd0d6f91

SHA256
3d4681e68bfc0aad76dec5de09e197d77f41c46f70fd8ee19e1b4235b65e2d3f

SHA512
f4f61e06852c70a015736a28de8a2f04cdbbdc996b9b53d64e47c4e086f7e3dcbdd257ec596aa268334ca849f0bad3c468e2f00c2e78a8e101de027ef0af0238

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

Filesize
6KB

MD5
4edbf4b0cb79316aa270a01c57b85038

SHA1
6761886f04f375c5d4c8c9edc96bfd1c32c40e06

SHA256
66770c28212454174af3307152ff95e333dbec10f12bdd0a5b28f011f242b499

SHA512
602d5f581f16c76ac453b9fef095f3ba4fb05f8764a097da817840515e0966340e59d08b686a94578362acbfe80348c221cd1e5ee05b7c80dcc899e9c8348c8c

Download Submit
\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
2.1MB

MD5
ed61fd7b791b5d92c9d2e965a97d6a74

SHA1
d9b063cbc417574fcfeb4bf3f9ac3e4f63c2eb94

SHA256
1aeb9443148323bd39f99b94caed0e43c53c33fb653c10b3b42b88b54a7c548b

SHA512
dbcd35c861d80ebcd8f36b205dd18d02331b158d6aca2996dd9c3dd41ece4102ffd8fb67b757b74e917af61587240bda9956c937c38362ba21e2c87e514b9cb0

Download Submit
memory/2564-1-0x00000000000D0000-0x00000000000D1000-memory.dmp

Filesize
4KB

Download