3583356b1900cc2f31f3a9115c912814069c1a8b233e48a274351d0ea3ec3a5e

Analysis

max time kernel
140s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
09/10/2024, 13:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Doc/IssDoc.exe
Size

372KB
MD5

f68b8f25410d49c33461b2aecca17ace
SHA1

ef54d2ea86017da04f583825fa5d3e3c478f3a33
SHA256

b6f04e8446d5e83f2ec14a2b711c02e588f0727c50c26789e51f287de172e438
SHA512

66d5bb4785a2f51d0ed3130cfa45668194d37de738b868a84084fac521e48aadfc71f02a643876bb581a38cd24d87ee234bef88ec0359a0e015168e86e9f7739
SSDEEP

6144:D0JAGHFfpO8PJtIOj4woM4yqXS7wIB6yK6bHX25foI8i8eIJ14woM4yDXy7w1H+3:D0LfpO8PJtIOj4woM4yqXS7wSbmfoI8Y

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\L:	IssDoc.exe
File opened (read-only)	\??\M:	IssDoc.exe
File opened (read-only)	\??\N:	IssDoc.exe
File opened (read-only)	\??\O:	IssDoc.exe
File opened (read-only)	\??\R:	IssDoc.exe
File opened (read-only)	\??\H:	IssDoc.exe
File opened (read-only)	\??\S:	IssDoc.exe
File opened (read-only)	\??\V:	IssDoc.exe
File opened (read-only)	\??\A:	IssDoc.exe
File opened (read-only)	\??\I:	IssDoc.exe
File opened (read-only)	\??\J:	IssDoc.exe
File opened (read-only)	\??\P:	IssDoc.exe
File opened (read-only)	\??\Z:	IssDoc.exe
File opened (read-only)	\??\T:	IssDoc.exe
File opened (read-only)	\??\U:	IssDoc.exe
File opened (read-only)	\??\W:	IssDoc.exe
File opened (read-only)	\??\B:	IssDoc.exe
File opened (read-only)	\??\E:	IssDoc.exe
File opened (read-only)	\??\G:	IssDoc.exe
File opened (read-only)	\??\K:	IssDoc.exe
File opened (read-only)	\??\Q:	IssDoc.exe
File opened (read-only)	\??\X:	IssDoc.exe
File opened (read-only)	\??\Y:	IssDoc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IssDoc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5080	IssDoc.exe
5080	IssDoc.exe

C:\Users\Admin\AppData\Local\Temp\Doc\IssDoc.exe
"C:\Users\Admin\AppData\Local\Temp\Doc\IssDoc.exe"
1⤵
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5080

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/5080-0-0x0000000002140000-0x0000000002191000-memory.dmp

Filesize
324KB

Download
memory/5080-2-0x0000000002100000-0x000000000211B000-memory.dmp

Filesize
108KB

Download
memory/5080-3-0x0000000072440000-0x00000000724B0000-memory.dmp

Filesize
448KB

Download
memory/5080-5-0x00000000724B0000-0x0000000072577000-memory.dmp

Filesize
796KB

Download
memory/5080-7-0x00000000774E0000-0x0000000077534000-memory.dmp

Filesize
336KB

Download
memory/5080-11-0x0000000077800000-0x0000000077833000-memory.dmp

Filesize
204KB

Download
memory/5080-9-0x0000000079B40000-0x0000000079BA1000-memory.dmp

Filesize
388KB

Download
memory/5080-8-0x0000000072DF0000-0x0000000072DFF000-memory.dmp

Filesize
60KB

Download
memory/5080-13-0x000000007B540000-0x000000007B584000-memory.dmp

Filesize
272KB

Download
memory/5080-16-0x0000000076560000-0x00000000765FB000-memory.dmp

Filesize
620KB

Download
memory/5080-15-0x0000000075BA0000-0x0000000075C59000-memory.dmp

Filesize
740KB

Download
memory/5080-14-0x0000000072D00000-0x0000000072D94000-memory.dmp

Filesize
592KB

Download
memory/5080-17-0x0000000078FE0000-0x000000007925E000-memory.dmp

Filesize
2.5MB

Download
memory/5080-20-0x0000000079BB0000-0x0000000079C0E000-memory.dmp

Filesize
376KB

Download
memory/5080-19-0x0000000079260000-0x000000007933B000-memory.dmp

Filesize
876KB

Download
memory/5080-18-0x0000000076600000-0x0000000076663000-memory.dmp

Filesize
396KB

Download
memory/5080-21-0x000000007AC40000-0x000000007B248000-memory.dmp

Filesize
6.0MB

Download
memory/5080-26-0x0000000077840000-0x0000000077858000-memory.dmp

Filesize
96KB

Download
memory/5080-25-0x000000007B420000-0x000000007B4E2000-memory.dmp

Filesize
776KB

Download
memory/5080-24-0x000000007B2A0000-0x000000007B2DB000-memory.dmp

Filesize
236KB

Download
memory/5080-23-0x000000007B250000-0x000000007B295000-memory.dmp

Filesize
276KB

Download
memory/5080-22-0x00000000771E0000-0x0000000077204000-memory.dmp

Filesize
144KB

Download