5b9a771b7997e82ebff31c59c0aaa5f3916ce8cbc91978f83daa152644f72d4e

Analysis

max time kernel
151s
max time network
153s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 09:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

695cf09cebff3bexeexeexeex.exe
Size

63KB
MD5

695cf09cebff3ba2831f8b338801e274
SHA1

511db5a3cd1e1571b736219a49e8bbaf290d88ca
SHA256

5b9a771b7997e82ebff31c59c0aaa5f3916ce8cbc91978f83daa152644f72d4e
SHA512

7c3e882c759e0fa3a99ed9423d71e658bef40c59347665f75ef30e0f00f0eecccacfe9185489d2cc905aa8320b7f57a74537e4c1efcbcc98e63a72db244cee56
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xo3/nyxV2K:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7W

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3028	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
3052	695cf09cebff3bexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3052	695cf09cebff3bexeexeexeex.exe
3028	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 3028	3052	695cf09cebff3bexeexeexeex.exe	28
PID 3052 wrote to memory of 3028	3052	695cf09cebff3bexeexeexeex.exe	28
PID 3052 wrote to memory of 3028	3052	695cf09cebff3bexeexeexeex.exe	28
PID 3052 wrote to memory of 3028	3052	695cf09cebff3bexeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\695cf09cebff3bexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\695cf09cebff3bexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3028

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
be01d5bf0c7e74a9b6991ecf57024e35

SHA1
d863a7767509f7302add24d103672de17d6c5e18

SHA256
939441a7f7c85f70c3389c83623675a0092ad6aa3715e04ebf78a4df972f7c0f

SHA512
ae09fef69c1dbe9fc7fab07636635c17d74f9903b7e22732bda59b3ec37b4c3322a42657c354a2314c6d6262fd2b89483f2a7ded3d437350100149709589e592

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
be01d5bf0c7e74a9b6991ecf57024e35

SHA1
d863a7767509f7302add24d103672de17d6c5e18

SHA256
939441a7f7c85f70c3389c83623675a0092ad6aa3715e04ebf78a4df972f7c0f

SHA512
ae09fef69c1dbe9fc7fab07636635c17d74f9903b7e22732bda59b3ec37b4c3322a42657c354a2314c6d6262fd2b89483f2a7ded3d437350100149709589e592

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
be01d5bf0c7e74a9b6991ecf57024e35

SHA1
d863a7767509f7302add24d103672de17d6c5e18

SHA256
939441a7f7c85f70c3389c83623675a0092ad6aa3715e04ebf78a4df972f7c0f

SHA512
ae09fef69c1dbe9fc7fab07636635c17d74f9903b7e22732bda59b3ec37b4c3322a42657c354a2314c6d6262fd2b89483f2a7ded3d437350100149709589e592

Download Submit
memory/3052-54-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/3052-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download