c8ce5740a8d263c665e0a9117cab7dccf0961ec6cc4d765e7038e6de8f9c111a

Analysis

max time kernel
55s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2023, 04:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

tmp.exe
Size

3.9MB
MD5

4b1939902232c11b9823d6c3d96c99be
SHA1

d9c957c672a978251476385dba46e87bf13fce1a
SHA256

c8ce5740a8d263c665e0a9117cab7dccf0961ec6cc4d765e7038e6de8f9c111a
SHA512

de83412349c077f4569f4b16ee3c7fc7330a89afadfed540d6bc0da84cdf198da2fc8822a95b17868b4bd34c02b5e36774f16e6edec20d23cf167185bfa92ea2
SSDEEP

98304:+JfC5u8dO+Nn10conAH3vd2PfevrAAG/tXWs:+mc+D0cc8WWvrXG/t

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4660	new.exe

Loads dropped DLL 4 IoCs

pid	Process
4660	new.exe
4660	new.exe
4660	new.exe
4660	new.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 4964 wrote to memory of 4660	4964	tmp.exe	83
PID 4964 wrote to memory of 4660	4964	tmp.exe	83
PID 4660 wrote to memory of 1700	4660	new.exe	84
PID 4660 wrote to memory of 1700	4660	new.exe	84
PID 4660 wrote to memory of 4428	4660	new.exe	85
PID 4660 wrote to memory of 4428	4660	new.exe	85

C:\Users\Admin\AppData\Local\Temp\tmp.exe
"C:\Users\Admin\AppData\Local\Temp\tmp.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4964
- C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\new.exe
  "C:\Users\Admin\AppData\Local\Temp\tmp.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4660
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1700
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\_ctypes.pyd

Filesize
120KB

MD5
462fd515ca586048459b9d90a660cb93

SHA1
06089f5d5e2a6411a0d7b106d24d5203eb70ec60

SHA256
bf017767ac650420487ca3225b3077445d24260bf1a33e75f7361b0c6d3e96b4

SHA512
67851bdbf9ba007012b89c89b86fd430fce24790466fefbb54431a7c200884fc9eb2f90c36d57acd300018f607630248f1a3addc2aa5f212458eb7a5c27054b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ONEFIL~1\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\VCRUNTIME140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\_ctypes.pyd

Filesize
120KB

MD5
462fd515ca586048459b9d90a660cb93

SHA1
06089f5d5e2a6411a0d7b106d24d5203eb70ec60

SHA256
bf017767ac650420487ca3225b3077445d24260bf1a33e75f7361b0c6d3e96b4

SHA512
67851bdbf9ba007012b89c89b86fd430fce24790466fefbb54431a7c200884fc9eb2f90c36d57acd300018f607630248f1a3addc2aa5f212458eb7a5c27054b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\libffi-7.dll

Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\new.exe

Filesize
4.4MB

MD5
ce3d3957f855b5d9cafd0a9aec446e46

SHA1
ac8a5ab1d86b9a4821bb8f8370d2d908a85764bf

SHA256
c540fbf92455e359c12e978f7c0da0c2ae18fb31cf83b51cf37a8f73968cc4cc

SHA512
e7f02aa06463c97048af089eef982b180d7d5f09f1ca3fa3fa74cf00f9d562ec280425e00f2a44b1ae07430d07d4a94d245eea1bef77d05c02040d1919b020a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\new.exe

Filesize
4.4MB

MD5
ce3d3957f855b5d9cafd0a9aec446e46

SHA1
ac8a5ab1d86b9a4821bb8f8370d2d908a85764bf

SHA256
c540fbf92455e359c12e978f7c0da0c2ae18fb31cf83b51cf37a8f73968cc4cc

SHA512
e7f02aa06463c97048af089eef982b180d7d5f09f1ca3fa3fa74cf00f9d562ec280425e00f2a44b1ae07430d07d4a94d245eea1bef77d05c02040d1919b020a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\python310.dll

Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\python310.dll

Filesize
4.3MB

MD5
e4533934b37e688106beac6c5919281e

SHA1
ada39f10ef0bbdcf05822f4260e43d53367b0017

SHA256
2bf761bae584ba67d9a41507b45ebd41ab6ae51755b1782496d0bc60cc1d41d5

SHA512
fa681a48ddd81854c9907026d4f36b008e509729f1d9a18a621f1d86cd1176c1a1ff4f814974306fa4d9e3886e2ce112a4f79b66713e1401f5dae4bcd8b898b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_4964_133323147779973948\vcruntime140.dll

Filesize
95KB

MD5
f34eb034aa4a9735218686590cba2e8b

SHA1
2bc20acdcb201676b77a66fa7ec6b53fa2644713

SHA256
9d2b40f0395cc5d1b4d5ea17b84970c29971d448c37104676db577586d4ad1b1

SHA512
d27d5e65e8206bd7923cf2a3c4384fec0fc59e8bc29e25f8c03d039f3741c01d1a8c82979d7b88c10b209db31fbbec23909e976b3ee593dc33481f0050a445af

Download Submit