7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef

Analysis

max time kernel
27s
max time network
30s
platform
windows7_x64
resource
win7-20230621-en
resource tags

arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
submitted
02/07/2023, 19:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe
Size

88KB
MD5

d57d30a68ef18c99ad1d0fa400faaffb
SHA1

1ead9bb61ba3f553665f2289779681e25167bd40
SHA256

7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef
SHA512

ec8f8c93aa60e641e16057f242944353dc9d4ea9374615d059d9627b21bdcd984854322138742237db5707f5a8077ad8fd917f3de77d2b10ca9f2ff385918bb8
SSDEEP

1536:r6nKl2yk5Ca9GBj++0z0oNEs3tlmBd/JfafE/oPRbbw:r6ek4a9X+0z9ERdhyfE/oJo

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 2044	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	29
PID 1280 wrote to memory of 2044	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	29
PID 1280 wrote to memory of 2044	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	29
PID 1280 wrote to memory of 2044	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	29
PID 1280 wrote to memory of 2032	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	30
PID 1280 wrote to memory of 2032	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	30
PID 1280 wrote to memory of 2032	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	30
PID 1280 wrote to memory of 2032	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	30
PID 1280 wrote to memory of 300	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	31
PID 1280 wrote to memory of 300	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	31
PID 1280 wrote to memory of 300	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	31
PID 1280 wrote to memory of 300	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	31
PID 300 wrote to memory of 1916	300	cmd.exe	32
PID 300 wrote to memory of 1916	300	cmd.exe	32
PID 300 wrote to memory of 1916	300	cmd.exe	32
PID 300 wrote to memory of 1916	300	cmd.exe	32
PID 1280 wrote to memory of 1628	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	33
PID 1280 wrote to memory of 1628	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	33
PID 1280 wrote to memory of 1628	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	33
PID 1280 wrote to memory of 1628	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	33
PID 1280 wrote to memory of 328	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	34
PID 1280 wrote to memory of 328	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	34
PID 1280 wrote to memory of 328	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	34
PID 1280 wrote to memory of 328	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	34
PID 1280 wrote to memory of 568	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	35
PID 1280 wrote to memory of 568	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	35
PID 1280 wrote to memory of 568	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	35
PID 1280 wrote to memory of 568	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	35
PID 1280 wrote to memory of 668	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	36
PID 1280 wrote to memory of 668	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	36
PID 1280 wrote to memory of 668	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	36
PID 1280 wrote to memory of 668	1280	Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe	36

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1158

pid	Process
1916	attrib.exe

C:\Users\Admin\AppData\Local\Temp\Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe
"C:\Users\Admin\AppData\Local\Temp\Malicious_7acd46f2938235d2f07001d0ca737850ac781b31d074edbc26acff75d5c702ef.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\efolder" mkdir "C:\Users\Admin\AppData\Local\Temp\efolder"
  2⤵
  PID:2044
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c if not exist "C:\Users\Admin\AppData\Local\Temp\xtmp" mkdir "C:\Users\Admin\AppData\Local\Temp\xtmp"
  2⤵
  PID:2032
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c attrib +h C:\Users\Admin\AppData\Local\Temp\xtmp
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:300
- - C:\Windows\SysWOW64\attrib.exe
    attrib +h C:\Users\Admin\AppData\Local\Temp\xtmp
    3⤵
    - Views/modifies file attributes
    PID:1916
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c echo:0>C:\Users\Admin\AppData\Local\Temp\is64.txt
  2⤵
  PID:1628
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\is64.bat
  2⤵
  PID:328
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c
  2⤵
  PID:568
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:668

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is64.bat

Filesize
181B

MD5
225edee1d46e0a80610db26b275d72fb

SHA1
ce206abf11aaf19278b72f5021cc64b1b427b7e8

SHA256
e1befb57d724c9dc760cf42d7e0609212b22faeb2dc0c3ffe2fbd7134ff69559

SHA512
4f01a2a248a1322cb690b7395b818d2780e46f4884e59f1ab96125d642b6358eea97c7fad6023ef17209b218daa9c88d15ea2b92f124ecb8434c0c7b4a710504

Download Submit
C:\Users\Admin\AppData\Local\Temp\is64.txt

Filesize
3B

MD5
a5ea0ad9260b1550a14cc58d2c39b03d

SHA1
f0aedf295071ed34ab8c6a7692223d22b6a19841

SHA256
f1b2f662800122bed0ff255693df89c4487fbdcf453d3524a42d4ec20c3d9c04

SHA512
7c735c613ece191801114785c1ee26a0485cbf1e8ee2c3b85ba1ad290ef75eec9fede5e1a5dc26d504701f3542e6b6457818f4c1d62448d0db40d5f35c357d74

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads