d0eb5f80bff682180e643fd0133d4561d1e9ed6b3690f2f95e9839cf53d088e8

Analysis

max time kernel
22s
max time network
24s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
27/09/2024, 16:39

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

IMPACTALLIN1.exe
Size

14.9MB
MD5

075b13db6cfe4b4ce2610e1d062d49ca
SHA1

19ba8821dfff96735f45901b6a8422698e3a8f05
SHA256

d0eb5f80bff682180e643fd0133d4561d1e9ed6b3690f2f95e9839cf53d088e8
SHA512

f778c9b9fea526028aeb8d980367349d08046ec13193c2e2993245d7a658ed21e47afb51f867c60ee978d0064c6563fc15f1724198fd79e922962ca5f6c5d0fa
SSDEEP

393216:DPWk1FNBxLt/hjcT02FF6gzql7FJZ8M8D/aZd7xJCL:vBxVhIT02FFnOlRJZo2b7PM

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4496	taskmgr.exe
Token: SeSystemProfilePrivilege	4496	taskmgr.exe
Token: SeCreateGlobalPrivilege	4496	taskmgr.exe

Suspicious use of FindShellTrayWindow 20 IoCs

pid	Process
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe
4496	taskmgr.exe

C:\Users\Admin\AppData\Local\Temp\IMPACTALLIN1.exe
"C:\Users\Admin\AppData\Local\Temp\IMPACTALLIN1.exe"
1⤵
PID:5004

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/4496-0-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-1-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-2-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-12-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-11-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-10-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-9-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-8-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-7-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download
memory/4496-6-0x000001DACB160000-0x000001DACB161000-memory.dmp

Filesize
4KB

Download