Overview

overview

10

Static

static

3

688851b3d0...86.exe

windows7-x64

10

688851b3d0...86.exe

windows10-2004-x64

10

$TEMP/F1ga...ed.exe

windows7-x64

10

$TEMP/F1ga...ed.exe

windows10-2004-x64

10

$TEMP/Shortfalls.exe

windows7-x64

4

$TEMP/Shortfalls.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    95s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2024 16:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    $TEMP/Shortfalls.exe

  • Size

    3.6MB

  • MD5

    1b8ae5c577608b9f780b3ad704679e0a

  • SHA1

    4402007d8e5ca59fe704d543a417c77e39dce762

  • SHA256

    039a6fd68c38bd081e9bca0181187df2653e501b5795d24ad6f895cf81c50bdf

  • SHA512

    9cc97013331ef3d4fbce1d1656ee5a28c193a50eabbf8fd75f2f1a8c57c00d2b32f82bdb35896209e3d7e24babfed607656b6e4a11a910fa099fbc25340587b3

  • SSDEEP

    98304:Gm+wj+XNf1GKVwspuM2ntX8RIx44l6MeNDkVly:262xwssMcX8q/bex2

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 20 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\$TEMP\Shortfalls.exe
    "C:\Users\Admin\AppData\Local\Temp\$TEMP\Shortfalls.exe"
    1⤵
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:3212

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3212-0-0x00007FFDBCE03000-0x00007FFDBCE05000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3212-1-0x000002044C880000-0x000002044CC18000-memory.dmp

    Filesize

    3.6MB

    Download

  • memory/3212-2-0x0000020467260000-0x000002046754E000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3212-3-0x000002044CFE0000-0x000002044CFF2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3212-4-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3212-5-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3212-6-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3212-7-0x00007FFDBCE03000-0x00007FFDBCE05000-memory.dmp

    Filesize

    8KB

    Download

  • memory/3212-8-0x0000020467650000-0x00000204677F9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3212-9-0x000002046CBE0000-0x000002046CEC2000-memory.dmp

    Filesize

    2.9MB

    Download

  • memory/3212-10-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/3212-11-0x000002046CEC0000-0x000002046D0C6000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/3212-12-0x000002046D0F0000-0x000002046D102000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3212-13-0x000002046D600000-0x000002046DACC000-memory.dmp

    Filesize

    4.8MB

    Download

  • memory/3212-15-0x0000020467650000-0x00000204677F9000-memory.dmp

    Filesize

    1.7MB

    Download

  • memory/3212-16-0x00007FFDBCE00000-0x00007FFDBD8C1000-memory.dmp

    Filesize

    10.8MB

    Download