Overview

overview

10

Static

static

10

36.exe

windows7-x64

3

36.exe

windows10-2004-x64

3

Enalib.exe

windows7-x64

10

Enalib.exe

windows10-2004-x64

10

RDriver.exe

windows7-x64

8

RDriver.exe

windows10-2004-x64

8

SDriver.exe

windows7-x64

3

SDriver.exe

windows10-2004-x64

3

T.exe

windows7-x64

10

T.exe

windows10-2004-x64

10

autoruns.exe

windows7-x64

3

autoruns.exe

windows10-2004-x64

3

e.exe

windows7-x64

10

e.exe

windows10-2004-x64

10

fake jpg shit.lnk

windows7-x64

10

fake jpg shit.lnk

windows10-2004-x64

10

fake photo.lnk

windows7-x64

3

fake photo.lnk

windows10-2004-x64

7

noyjhoadw.exe

windows7-x64

10

noyjhoadw.exe

windows10-2004-x64

10

unins000.exe

windows7-x64

3

unins000.exe

windows10-2004-x64

3

use for by...ck.exe

windows7-x64

8

use for by...ck.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    20s
  • max time network
    24s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/01/2025, 13:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    autoruns.exe

  • Size

    1.7MB

  • MD5

    61506280fc7e663db6715ac2206af6d4

  • SHA1

    3b42f1e497c909d48343768b58e9e5222d540330

  • SHA256

    f41051697b220757f3612ecd00749b952ce7bcaadd9dc782d79ef0338e45c3b6

  • SHA512

    4343ace3777173fbf68c501d15011fec940f9f3eea7206712f9934bab432d15753b4c6c0369eb14b8341221992f964c5a37c23a655255572b1a13cde717b2472

  • SSDEEP

    12288:g1hJ7jnpTutVfjKHhO5VwocPYOhV6y4wO9y+IpunYtALwBzKn2CXrfZetCvmK2UI:WcaHhMcPYq6+O+puYtAcBzg/7SmGNJ

Score
3/10
discovery

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies system certificate store 2 TTPs 3 IoCs
    defense_evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\autoruns.exe
    "C:\Users\Admin\AppData\Local\Temp\autoruns.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Modifies system certificate store
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:4752

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads