Resubmissions
09-05-2023 19:22
230509-x3fn4adg58 1009-05-2023 19:14
230509-xxsrgaff7x 1009-05-2023 19:14
230509-xxr5yadg42 709-05-2023 19:14
230509-xxrt6sff7w 809-05-2023 19:14
230509-xxrjeaff7v 809-05-2023 19:14
230509-xxqxwadg39 709-05-2023 19:14
230509-xxql4sff7t 1009-05-2023 19:14
230509-xxqbcadg38 709-05-2023 19:10
230509-xvl6xadf64 10Analysis
-
max time kernel
30s -
max time network
36s -
platform
windows7_x64 -
resource
win7-20230220-en -
resource tags
-
submitted
09-05-2023 19:14
General
-
Target
trojan-leaks-main/skidded/Unis.exe
-
Size
892KB
-
MD5
e72088233e9d7d1d9826a35604c49fd7
-
SHA1
fa8a5990e2e1b7fb8e23af3ae54be58fce2125c2
-
SHA256
d2e3b68594ba8a21eb03056554dcc6ed43030e6e2969caef6f205fe86390339c
-
SHA512
3fdf6da405782b8ab3105ae088b85f0616df27fb58042bc9e4adc458017e345e8bb4199ccc1b4682f8471bc463c888ff658513bb25ed0f1cc6027c0606cf69b5
-
SSDEEP
12288:GoSWNTlKOtLP3gagtWFvD34Isq0hZsEZy35LDSbtn6tfJtvDyG4G99:GoS2TlhtKidsd+EZV6NJdUA9
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3AA1.tmp\3AA2.tmp\3AA3.bat C:\Users\Admin\AppData\Local\Temp\trojan-leaks-main\skidded\Unis.exe"2⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
714B
MD5c645904efc201e9cc2660d251a08f3cb
SHA16d35f7f5f7012710b228a280e2a49eff98e4adcd
SHA2564e254ec30432a08d7a2a11ed188bd017fd555bd998c7233c1f444541fac5001b
SHA512053f781df0403561cf5889aa7d0688f5ab13a2005524aa4ac2be911c0a7597544763c726d9e40e894773bcc73e37f11113576fa2567d05e83ff64790e423ef73