4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4

Analysis

max time kernel
76s
max time network
80s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
04-07-2023 20:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe
Size

36KB
MD5

2f21a5bd845fd18d81b9c319d37543fd
SHA1

c06a06f0261b4b30b559e718ed95d17c7343d905
SHA256

4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4
SHA512

a7bd86401169367bbf5a61ac88aff3cb07de973ffee74a07daf58aad5cdfd8762a2ddc0e9019369cc80e25d28a1727880598adfc5f759451b6edc9d60948a954
SSDEEP

768:5bsCogv5ESs9BDykUWZ0+uD3jqE3ViV6Ol:PREBs+O3jql6Ol

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
3064	timeout.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2392	2396	challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe	28
PID 2396 wrote to memory of 2392	2396	challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe	28
PID 2396 wrote to memory of 2392	2396	challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe	28
PID 2396 wrote to memory of 2392	2396	challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe	28
PID 2392 wrote to memory of 2024	2392	cmd.exe	30
PID 2392 wrote to memory of 2024	2392	cmd.exe	30
PID 2392 wrote to memory of 2024	2392	cmd.exe	30
PID 2392 wrote to memory of 2024	2392	cmd.exe	30
PID 2392 wrote to memory of 3064	2392	cmd.exe	31
PID 2392 wrote to memory of 3064	2392	cmd.exe	31
PID 2392 wrote to memory of 3064	2392	cmd.exe	31
PID 2392 wrote to memory of 3064	2392	cmd.exe	31

C:\Users\Admin\AppData\Local\Temp\challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe
"C:\Users\Admin\AppData\Local\Temp\challange_Benign_4e32af9f57ea2c02943265d1d5185e9573e029a6975df110aa0a4fdaa135b4c4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\1C0A.tmp\start1.bat" "
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2392
- - C:\Windows\SysWOW64\chcp.com
    chcp 65001
    3⤵
    PID:2024
- - C:\Windows\SysWOW64\timeout.exe
    timeout /t 2
    3⤵
    - Delays execution with timeout.exe
    PID:3064

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1C0A.tmp\start1.bat

Filesize
743B

MD5
40725cddb76b14707bad0d522a81b4ca

SHA1
19cf0c213a0a6e5734e9fd689515033334298ed1

SHA256
9848b0cf80710c0a6600d043f5ecb101e0bc0319c4edb965a4bcf945193a4196

SHA512
6ed9bdea4324f76c6f877f0321b8db63c7dc4ceb20e0c31ca7fea26c986fafd0e3208920bdc45347211030d892d20a71d422e4264d47e86a481d4208708ceaea

Download Submit
C:\Users\Admin\AppData\Local\Temp\1C0A.tmp\start1.bat

Filesize
743B

MD5
40725cddb76b14707bad0d522a81b4ca

SHA1
19cf0c213a0a6e5734e9fd689515033334298ed1

SHA256
9848b0cf80710c0a6600d043f5ecb101e0bc0319c4edb965a4bcf945193a4196

SHA512
6ed9bdea4324f76c6f877f0321b8db63c7dc4ceb20e0c31ca7fea26c986fafd0e3208920bdc45347211030d892d20a71d422e4264d47e86a481d4208708ceaea

Download Submit
memory/2392-78-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download
memory/2392-103-0x0000000000720000-0x0000000000721000-memory.dmp

Filesize
4KB

Download