0efe6774ec4a10f2622ad78b9814f617dc033d5c143183e042459d43a48e95fa

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
05/07/2023, 14:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

049db348acc52aexeexeexeex.exe
Size

55KB
MD5

049db348acc52a83683f7f3335326a4d
SHA1

db474c347964ea60e9b553119689be10f9bea46a
SHA256

0efe6774ec4a10f2622ad78b9814f617dc033d5c143183e042459d43a48e95fa
SHA512

f39a1130b23b61806c77751611b6c1992467b3be56ccb9c9ae4c308eef5b784950f833705110d60466ab785ba62c543c116adf4936dfc43918334b994031ded8
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0ojjf:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7u

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2408	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
876	049db348acc52aexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
876	049db348acc52aexeexeexeex.exe
2408	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 876 wrote to memory of 2408	876	049db348acc52aexeexeexeex.exe	28
PID 876 wrote to memory of 2408	876	049db348acc52aexeexeexeex.exe	28
PID 876 wrote to memory of 2408	876	049db348acc52aexeexeexeex.exe	28
PID 876 wrote to memory of 2408	876	049db348acc52aexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\049db348acc52aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\049db348acc52aexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:876
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2408

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
55KB

MD5
1b1862f103f59ceef6654fdb031841ce

SHA1
8629fe4a06994ca9cdadf06e28399fec7d08ee63

SHA256
92a51bb96f4bb31e23694bbc6e6555208a3b43bdef30d4318b022160167206e3

SHA512
545386e6660a05293216dfdcad957871215d153f0277d7f5d99d750f97d3bd3c0393cc6b4e295c56063ac4c64baca0ce2c44c9383fd0c0f033a7a950eee72f25

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
55KB

MD5
1b1862f103f59ceef6654fdb031841ce

SHA1
8629fe4a06994ca9cdadf06e28399fec7d08ee63

SHA256
92a51bb96f4bb31e23694bbc6e6555208a3b43bdef30d4318b022160167206e3

SHA512
545386e6660a05293216dfdcad957871215d153f0277d7f5d99d750f97d3bd3c0393cc6b4e295c56063ac4c64baca0ce2c44c9383fd0c0f033a7a950eee72f25

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
55KB

MD5
1b1862f103f59ceef6654fdb031841ce

SHA1
8629fe4a06994ca9cdadf06e28399fec7d08ee63

SHA256
92a51bb96f4bb31e23694bbc6e6555208a3b43bdef30d4318b022160167206e3

SHA512
545386e6660a05293216dfdcad957871215d153f0277d7f5d99d750f97d3bd3c0393cc6b4e295c56063ac4c64baca0ce2c44c9383fd0c0f033a7a950eee72f25

Download Submit
memory/876-54-0x00000000003B0000-0x00000000003B6000-memory.dmp

Filesize
24KB

Download
memory/876-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download