981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 16:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
Size

1.1MB
MD5

350b7d586d2f4a9376eb7ff9f05e238d
SHA1

8e6f0e607857d09bc941445a4ea974ce862cbf33
SHA256

981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a
SHA512

f90529a0a8407b50396d822876d147047b20d48f6e2a72834c245ceeed84b6788266fc491e33fdca2f435c02106581f68246bdf92b3ae8c00bdcec2f5e00d50a
SSDEEP

24576:reoLkFYvlvFqsAzTt3W/bg9yDQT6sB8vyS1fQOc8dCeNzCm:ZLKABdABW/bYAQZS6SBoPSCm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
4976	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4976	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
4976	981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe

C:\Users\Admin\AppData\Local\Temp\981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe
"C:\Users\Admin\AppData\Local\Temp\981a9cee3d1c682bf60b3d77fed7bdacd7151c6de957dd5606dcb07999b80b2a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:4976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLClient.out

Filesize
9KB

MD5
630ccae91b2dc425731286077bfbe9bd

SHA1
bda574c67216106fb6db234bfa75dd9521f55b33

SHA256
61e67c289468dd0aa06b63b3fcb9e7092883c642fea9a0dce5fd2819c8f9d060

SHA512
25da43f43782d0904b2d793cea37befe98f52f7f6a173019188fad914faeb8b532a3dbfbfe704ebf79da278aa8a2be39f92b6f2572fa58a047e62fd9f206369f

Download Submit
C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

Filesize
2.1MB

MD5
ed61fd7b791b5d92c9d2e965a97d6a74

SHA1
d9b063cbc417574fcfeb4bf3f9ac3e4f63c2eb94

SHA256
1aeb9443148323bd39f99b94caed0e43c53c33fb653c10b3b42b88b54a7c548b

SHA512
dbcd35c861d80ebcd8f36b205dd18d02331b158d6aca2996dd9c3dd41ece4102ffd8fb67b757b74e917af61587240bda9956c937c38362ba21e2c87e514b9cb0

Download Submit
memory/4976-1-0x0000000000C40000-0x0000000000C41000-memory.dmp

Filesize
4KB

Download
memory/4976-3-0x00000000028E0000-0x00000000028E1000-memory.dmp

Filesize
4KB

Download
memory/4976-4-0x00000000028F0000-0x00000000028F1000-memory.dmp

Filesize
4KB

Download
memory/4976-7-0x0000000002920000-0x0000000002921000-memory.dmp

Filesize
4KB

Download
memory/4976-6-0x0000000002910000-0x0000000002911000-memory.dmp

Filesize
4KB

Download
memory/4976-5-0x0000000002900000-0x0000000002901000-memory.dmp

Filesize
4KB

Download
memory/4976-2-0x0000000000C60000-0x0000000000C61000-memory.dmp

Filesize
4KB

Download