3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091

Analysis

max time kernel
42s
max time network
46s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29-10-2022 17:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe
Size

269KB
MD5

53c12cc668b0a6b3a83dd518767cd610
SHA1

fe2a134ed335a46a16c78aab14481ccefc77bcec
SHA256

3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091
SHA512

c0f2de935104c04dd004cf55b686ba28eea176a259f1a20fcc37da6deaa676e8a42215cbbad0e030cd6db40d3d677203f6976dfb31c5b30bb86eaf5c0860d8e9
SSDEEP

3072:Fg9ldixtz8ji0a6KT0MP3OY5hO9Yohoa2bkTssiMan0fIjj+sj2uJOTG73IPBlI+:Slitz8j+0tz8Ylan0f0j2TG74

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe
File opened (read-only)	\??\B:	3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\7z.exe	3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe

C:\Users\Admin\AppData\Local\Temp\3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe
"C:\Users\Admin\AppData\Local\Temp\3c9400a62b5e7ee26146bd3bbea8b8338999cb211375bf1b3bb055c67219e091.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
PID:2000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-54-0x0000000001000000-0x0000000001046000-memory.dmp

Filesize
280KB

Download