142482b54e8df90d91524768c5df2009899da7d011d6eff3082c9d4b26368a97

Analysis

max time kernel
16s
max time network
425s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20-07-2024 15:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
Size

986KB
MD5

f69cb073623d1cd054c140fc231fbeea
SHA1

cdbdf379204d9ee332659eb2ba456fbc96a0af65
SHA256

92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9
SHA512

83c3213880eddea42ccdcca7aff2bd6dc693b91a723a121e573d87288bf81b53c61a1e52f5ac59f3f3e761c9b88ace8c9772294b30aa9cd4ef66358bb7c56b56
SSDEEP

24576:WCdxte/80jYLT3U1jfsWaqP0/NHxkzK2Q:fw80cTsjkWaqIHxaM

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\y:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\k:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\m:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\q:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\t:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\u:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\w:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\b:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\e:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\g:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\h:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\s:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\z:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\a:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\i:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\l:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\p:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\r:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\v:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\j:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\n:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\o:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
File opened (read-only)	\??\x:	92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe

C:\Users\Admin\AppData\Local\Temp\92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe
"C:\Users\Admin\AppData\Local\Temp\92c50cd253de42823a2e1a59f2551aa315ceb12b8f741820bdbc14b5ebe1dfb9.exe"
1⤵
- Enumerates connected drives
PID:5028

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:3908

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:2236

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:1464

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:388

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:4480

C:\Windows\system32\dwm.exe
"dwm.exe"
1⤵
PID:2452

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ID_1fCGJXEy08oL3pJO8NQ8FvbtQL8W91_[20_07_2024_17_19]_[19041-authorization].php

Filesize
2KB

MD5
2e4b1518cc73a4e4e5fb38869be83cfe

SHA1
aec06b79d00b44797d1bcfa763c12dea78e406a3

SHA256
16206cb7283306ba6accc91401729c81444012755e60d6dcdb5958fd0f696f4f

SHA512
4e0572c87e36e96a3fc8e4d90fc1d369b1d744ec98771241d88c3af3f193b33767f64def09d83ad0559a2e91b61efb51be0aeae576305dd9c98e368d476760fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ID_1fCGJXEy08oL3pJO8NQ8FvbtQL8W91_[20_07_2024_17_19]_[19041-authorization].php

Filesize
2KB

MD5
3b5c95acc4403710d556b15592bf632a

SHA1
0f27d4d14da5c1b90be17db03104d9573aeb2e18

SHA256
475b094472186b9fff65da16c2daf060cc85200544f779bb3a083f6aa2473ea5

SHA512
028b22499432138af774e831c53ef99b43a20664320d414ec6ef1cfc4aa0e3dff5f334d14621d2fa372ada2aff7cfd7edc643cc5f9e022e109821f02a492bbf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\ID_1fCGJXEy08oL3pJO8NQ8FvbtQL8W91_[20_07_2024_17_19]_[19041-cabinet].php

Filesize
2KB

MD5
f12e239bbbe532b0636cba236bbc235a

SHA1
098c6fc86f3b64ddfb8a2b4abf88c5097873d158

SHA256
3445cebb7e8e030a594b36f3cd44f39bc2d56661733aa48d8be4ffdddefb9a90

SHA512
042b37cfcb67f57cef1a8e2dcb42a495e2f8a167a2860477bee1bd6084803465c35d70d791cca16e2acbb861ecaa6343793f01e96bc2f2ee3c83dd8b6696db09

Download Submit
C:\Users\Admin\AppData\Local\Temp\rabbit_1fCGJXEy08oL3pJO8NQ8FvbtQL8W91.php

Filesize
479B

MD5
e95b90cbaa1fd0356674ba8b38c71ba0

SHA1
12b3ea9e8ed1e3f6739dd7e7e57af398f8a93a63

SHA256
5c9569d6e022106c8759d07f605311fd565cf15719a0475f9ec4e3ee1cd463f1

SHA512
2c9773735f440d5cc03fec27a1c33d6a31a2e379af78a41f2489f55888abebf7712285de2ebd99277860a8c28161475587b013ce18c2d2fa5d1f1483ce37dc42

Download Submit