7201a384c7c2a11fe09269e42354b6f2bb56b8e188e8c328b14bccdd7e63a282

Analysis

max time kernel
118s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
14/09/2024, 19:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

529196d72869de8b9dde0bc0f01ccdd0N.exe
Size

1.6MB
MD5

529196d72869de8b9dde0bc0f01ccdd0
SHA1

487bb2222a1b19158a4a0c2c08377fabc1109698
SHA256

7201a384c7c2a11fe09269e42354b6f2bb56b8e188e8c328b14bccdd7e63a282
SHA512

620154c26d674a16df020cfd390d54d35a5045b0f823e76f321e8a569f021ef467142b35bd08835a927e6934e7dea5bbf9704f34f331c7089251df63a4bbb223
SSDEEP

12288:25cqQQdZ0U02cPh+bszyzBc17NFuruQ+rNxicoeYrvZCHVnyVggrSDT5kC8IHDtq:25cAN02cPhBjdZjHhQ6giafmvJW5

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\Windows\INF\oem0.PNF	529196d72869de8b9dde0bc0f01ccdd0N.exe
File created	C:\Windows\INF\oem1.PNF	529196d72869de8b9dde0bc0f01ccdd0N.exe
File created	C:\Windows\INF\oem2.PNF	529196d72869de8b9dde0bc0f01ccdd0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
4960	529196d72869de8b9dde0bc0f01ccdd0N.exe
4960	529196d72869de8b9dde0bc0f01ccdd0N.exe

C:\Users\Admin\AppData\Local\Temp\529196d72869de8b9dde0bc0f01ccdd0N.exe
"C:\Users\Admin\AppData\Local\Temp\529196d72869de8b9dde0bc0f01ccdd0N.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:4960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\INF\oem0.PNF

Filesize
5KB

MD5
1b80e92fe3fd15bcb121450d31b6eb0d

SHA1
039b38cf552f921ab87edddf02985973a97df0e6

SHA256
dcde9e2a65798175a1a9539d025687c92d887970f9d44363315994d3c3e7deec

SHA512
72999f5651ce2bad1677642b462c7bd9e8b640e94991b5e473c86257339cdec67a21718667247b52445db6d0d0fe242145f675694ebf275cb4cb4086c3f69d09

Download Submit
C:\Windows\INF\oem1.PNF

Filesize
5KB

MD5
8e9efe1ce7f3e02e0c0bd80bffda425d

SHA1
a27a570b5b596bd3702901f9685145114457875e

SHA256
d1e8192c1d4363e6326309f6d91fc37088b3d968d0a7d5a1bb25918e29c76037

SHA512
243c4e799cf4b28615d09a20146e6e0d00c022f70c3584881012fa7966e70cbcabc54a79553bdfbb71308fd2090c985b6699c801f0ba488b8df13c4bc3daafde

Download Submit
C:\Windows\INF\oem2.PNF

Filesize
6KB

MD5
0772321fa8b8fdab52ae359c7a0d5737

SHA1
c04a9fcd54bc4d171db521894a001ce792506364

SHA256
e537353ec45fae54d1ade54187682a04d3d36884d3a35821c11e38e07e6d5f79

SHA512
49052d48135ab19d11ef27f9d50855ad9216b29387016e016df2e3ec18ac03213acbb5cf495b1cabb34919887dd821a4069cf3ff5698c29d713bfacc929bdee9

Download Submit
memory/4960-0-0x0000000140000000-0x000000014023E000-memory.dmp

Filesize
2.2MB

Download
memory/4960-10-0x0000000140000000-0x000000014023E000-memory.dmp

Filesize
2.2MB

Download