Overview

overview

7

Static

static

1

cce1cf601e...8d.exe

windows7-x64

3

cce1cf601e...8d.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    291s
  • max time network
    30s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    22-04-2023 17:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe

  • Size

    253KB

  • MD5

    2b42a9613d2132e3fcc1f7fbac390b24

  • SHA1

    adb4bf1e2d2085f0ee54e467fdeba042c2276964

  • SHA256

    cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d

  • SHA512

    e60c2b318ed699cdc75eace766e4d570a8809fe7b9f64eb0e4a4141d10179b282c97f330965f5a0b99019abe7326665dbfbe36de2f60a2933bf8eadaae727c01

  • SSDEEP

    3072:asSCsbsZE1L8ZrB6PT+T89sOXnJ2jwiE90L6sv:ebsmL8ZrmTV9tXnJIc0L6s

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Delays execution with timeout.exe 28 IoCs
    evasion
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe
    "C:\Users\Admin\AppData\Local\Temp\cce1cf601e23728f6783f55bbe926ef4be018bbaf2c65698423e347fcdd9778d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1976
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1308
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:756
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:648
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1688
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:468
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1704
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1868
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:660
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:280
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1532
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:968
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:820
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1692
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1636
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:1844
      • C:\Windows\SysWOW64\timeout.exe
        timeout 10
        3⤵
        • Delays execution with timeout.exe
        PID:1028
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C timeout 10
      2⤵
        PID:1196
        • C:\Windows\SysWOW64\timeout.exe
          timeout 10
          3⤵
          • Delays execution with timeout.exe
          PID:912
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /C timeout 10
        2⤵
          PID:972
          • C:\Windows\SysWOW64\timeout.exe
            timeout 10
            3⤵
            • Delays execution with timeout.exe
            PID:1648
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /C timeout 10
          2⤵
            PID:2016
            • C:\Windows\SysWOW64\timeout.exe
              timeout 10
              3⤵
              • Delays execution with timeout.exe
              PID:1848
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\System32\cmd.exe" /C timeout 10
            2⤵
              PID:904
              • C:\Windows\SysWOW64\timeout.exe
                timeout 10
                3⤵
                • Delays execution with timeout.exe
                PID:920
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C timeout 10
              2⤵
                PID:864
                • C:\Windows\SysWOW64\timeout.exe
                  timeout 10
                  3⤵
                  • Delays execution with timeout.exe
                  PID:1600
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C timeout 10
                2⤵
                  PID:380
                  • C:\Windows\SysWOW64\timeout.exe
                    timeout 10
                    3⤵
                    • Delays execution with timeout.exe
                    PID:1316
                • C:\Windows\SysWOW64\cmd.exe
                  "C:\Windows\System32\cmd.exe" /C timeout 10
                  2⤵
                    PID:1460
                    • C:\Windows\SysWOW64\timeout.exe
                      timeout 10
                      3⤵
                      • Delays execution with timeout.exe
                      PID:1932
                  • C:\Windows\SysWOW64\cmd.exe
                    "C:\Windows\System32\cmd.exe" /C timeout 10
                    2⤵
                      PID:520
                      • C:\Windows\SysWOW64\timeout.exe
                        timeout 10
                        3⤵
                        • Delays execution with timeout.exe
                        PID:1704
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /C timeout 10
                      2⤵
                        PID:1088
                        • C:\Windows\SysWOW64\timeout.exe
                          timeout 10
                          3⤵
                          • Delays execution with timeout.exe
                          PID:1464
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\System32\cmd.exe" /C timeout 10
                        2⤵
                          PID:588
                          • C:\Windows\SysWOW64\timeout.exe
                            timeout 10
                            3⤵
                            • Delays execution with timeout.exe
                            PID:1888
                        • C:\Windows\SysWOW64\cmd.exe
                          "C:\Windows\System32\cmd.exe" /C timeout 10
                          2⤵
                            PID:1636
                            • C:\Windows\SysWOW64\timeout.exe
                              timeout 10
                              3⤵
                              • Delays execution with timeout.exe
                              PID:604
                          • C:\Windows\SysWOW64\cmd.exe
                            "C:\Windows\System32\cmd.exe" /C timeout 10
                            2⤵
                              PID:1080
                              • C:\Windows\SysWOW64\timeout.exe
                                timeout 10
                                3⤵
                                • Delays execution with timeout.exe
                                PID:736
                            • C:\Windows\SysWOW64\cmd.exe
                              "C:\Windows\System32\cmd.exe" /C timeout 10
                              2⤵
                                PID:1952
                                • C:\Windows\SysWOW64\timeout.exe
                                  timeout 10
                                  3⤵
                                  • Delays execution with timeout.exe
                                  PID:1544
                              • C:\Windows\SysWOW64\cmd.exe
                                "C:\Windows\System32\cmd.exe" /C timeout 10
                                2⤵
                                  PID:1428
                                  • C:\Windows\SysWOW64\timeout.exe
                                    timeout 10
                                    3⤵
                                    • Delays execution with timeout.exe
                                    PID:788
                                • C:\Windows\SysWOW64\cmd.exe
                                  "C:\Windows\System32\cmd.exe" /C timeout 10
                                  2⤵
                                    PID:964
                                    • C:\Windows\SysWOW64\timeout.exe
                                      timeout 10
                                      3⤵
                                      • Delays execution with timeout.exe
                                      PID:760
                                  • C:\Windows\SysWOW64\cmd.exe
                                    "C:\Windows\System32\cmd.exe" /C timeout 10
                                    2⤵
                                      PID:1988
                                      • C:\Windows\SysWOW64\timeout.exe
                                        timeout 10
                                        3⤵
                                        • Delays execution with timeout.exe
                                        PID:1600
                                    • C:\Windows\SysWOW64\cmd.exe
                                      "C:\Windows\System32\cmd.exe" /C timeout 10
                                      2⤵
                                        PID:1044
                                        • C:\Windows\SysWOW64\timeout.exe
                                          timeout 10
                                          3⤵
                                          • Delays execution with timeout.exe
                                          PID:1324
                                      • C:\Windows\SysWOW64\cmd.exe
                                        "C:\Windows\System32\cmd.exe" /C timeout 10
                                        2⤵
                                          PID:1932
                                          • C:\Windows\SysWOW64\timeout.exe
                                            timeout 10
                                            3⤵
                                            • Delays execution with timeout.exe
                                            PID:976
                                        • C:\Windows\SysWOW64\cmd.exe
                                          "C:\Windows\System32\cmd.exe" /C timeout 10
                                          2⤵
                                            PID:1788
                                            • C:\Windows\SysWOW64\timeout.exe
                                              timeout 10
                                              3⤵
                                              • Delays execution with timeout.exe
                                              PID:880
                                          • C:\Windows\SysWOW64\cmd.exe
                                            "C:\Windows\System32\cmd.exe" /C timeout 10
                                            2⤵
                                              PID:1892
                                              • C:\Windows\SysWOW64\timeout.exe
                                                timeout 10
                                                3⤵
                                                • Delays execution with timeout.exe
                                                PID:1612

                                          Network

                                          MITRE ATT&CK Matrix ATT&CK v6

                                          Initial Access

                                          Execution

                                          Persistence

                                          Privilege Escalation

                                          Defense Evasion

                                          Credential Access

                                          Discovery

                                          System Information Discovery

                                          1
                                          T1082

                                          Lateral Movement

                                          Collection

                                          Exfiltration

                                          Command and Control

                                          Impact

                                          Replay Monitor

                                          Loading Replay Monitor...

                                          Downloads

                                          • memory/1976-54-0x0000000001290000-0x00000000012D4000-memory.dmp
                                            Filesize

                                            272KB

                                            Download
                                          • memory/1976-55-0x00000000011B0000-0x00000000011F0000-memory.dmp
                                            Filesize

                                            256KB

                                            Download
                                          • memory/1976-56-0x00000000011B0000-0x00000000011F0000-memory.dmp
                                            Filesize

                                            256KB

                                            Download