9ebfb7e3c1394ea3aec0641497db4af4643369243aec0a6703b7fa3a773dea3b

Analysis

max time kernel
147s
max time network
150s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$PLUGINSDIR/apple-scc.exe
Size

894KB
MD5

9063d36084fbe906558c507409a71377
SHA1

4ba56ab05ed64d5e447e93d05544680d31ff1a6b
SHA256

bcdbcadc5b2b21a64a0f9caa3413745c7ed4d137d3bb0cd79526368ecc7f214d
SHA512

c3c211bd4867efd66243194b3e9514a34c197e527a83e6384a88ceaa54d1547f37713fef8180c4b0fcc23f9bb81208de905525eb107b38a5619ce88aa86d2394
SSDEEP

24576:M4QLWUfv+QjsSjgfrWlWWSCFgtx4/OJmn5gHv3Ry3NT2ZP0ro4kT42:M7dGEEjWV3cx4/u+gHv3m2ZL4f2

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2296	apple-scc.exe

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\apple-scc.exe
"C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\apple-scc.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\settings.ini

Filesize
20B

MD5
2ee735d83d51cadaf54afa54668330c9

SHA1
7c6a6421a213af6106c21b60e05b86c05662c066

SHA256
2ce28859e79a3236cd72465f3bea5c7ff129ee6532987d17bdfbc6be10dd91b5

SHA512
955d2d7cb373d6617ee916f7dd8369d53de4ce92187c3070439e20ca477a8b3db24f940ef31019ce35dec90f12239cb4b74db11af17a7c78617ffc7c801efe4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\settings.ini

Filesize
74B

MD5
1829fd58a6185c1a056cea7d75d1cd17

SHA1
d20f470e23c8474bdf9fa302a21943460a6a9ccb

SHA256
b3626ce9251c8b0cab401d48763c8f9395ef15c2fb4e7d0f371ca45e4f92a478

SHA512
9dd91c929ca2f210d54b2cf75a3ae83efd33d98fa1ab4965f8fbb1f83fd6687fed86a75b01c16d22d6b6a7a7cd1d083db71179f61138288f53fca6102db5fd59

Download Submit
memory/2296-274-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-321-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-36-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/2296-85-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-132-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-156-0x0000000000CA0000-0x0000000000CA1000-memory.dmp

Filesize
4KB

Download
memory/2296-180-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-227-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-1-0x0000000000160000-0x0000000000162000-memory.dmp

Filesize
8KB

Download
memory/2296-0-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-368-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-415-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-462-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-509-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-556-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-603-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-627-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download
memory/2296-674-0x0000000000CE0000-0x0000000000FB5000-memory.dmp

Filesize
2.8MB

Download