2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
09-08-2024 19:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335.exe
Size

5.7MB
MD5

e18201d7d6416f8b9ff0357ed9a39214
SHA1

2901e317c23133e7b6f91ca15cdfe68a53fa1c73
SHA256

2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335
SHA512

8b8a6385c36ab8737fa6bef8bebf5051a47d82c188fafc19fb9874b468bb6b3b2ecf0464120b2aac73f3aeef7636d873f50079f9838c25d75780550f80d0a7ed
SSDEEP

98304:IWkTMd+cVzUEB4qxwvonRvztDbsM9ZmETqTR9y1oA5hFaNCUoEc6stvvI5U:eTx7EB4qNtfs+TsuoA5DaNCUFstvvaU

Score

5^/10

Malware Config

Signatures

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3952	2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335.exe
3952	2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335.exe
"C:\Users\Admin\AppData\Local\Temp\2921464d60e943eecd345e1854fab260e2d8b8784ef30d6ba09f256e6aa0a335.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
PID:3952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3952-0-0x00007FF76DDA0000-0x00007FF76ECF9000-memory.dmp

Filesize
15.3MB

Download
memory/3952-1-0x00007FF4F4910000-0x00007FF4F4CE1000-memory.dmp

Filesize
3.8MB

Download
memory/3952-2-0x00007FFD57B6D000-0x00007FFD57B6E000-memory.dmp

Filesize
4KB

Download
memory/3952-3-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download
memory/3952-5-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download
memory/3952-6-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download
memory/3952-4-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download
memory/3952-22-0x00007FF76DDA0000-0x00007FF76ECF9000-memory.dmp

Filesize
15.3MB

Download
memory/3952-23-0x00007FF76DDA0000-0x00007FF76ECF9000-memory.dmp

Filesize
15.3MB

Download
memory/3952-24-0x00007FF76DDA0000-0x00007FF76ECF9000-memory.dmp

Filesize
15.3MB

Download
memory/3952-25-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download
memory/3952-26-0x00007FF76DDA0000-0x00007FF76ECF9000-memory.dmp

Filesize
15.3MB

Download
memory/3952-27-0x00007FF4F4910000-0x00007FF4F4CE1000-memory.dmp

Filesize
3.8MB

Download
memory/3952-28-0x00007FFD57AD0000-0x00007FFD57CC5000-memory.dmp

Filesize
2.0MB

Download