fcc4b5aae15a02561d00036c6924011e45acefb0eccbcd4c88ec1c9e7bd04821

Analysis

max time kernel
150s
max time network
155s
platform
windows7_x64
resource
win7-20230705-en
resource tags

arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

812ecd245c7309exeexeexeex.exe
Size

56KB
MD5

812ecd245c7309f4b12a403d42f754c5
SHA1

f34ad5dd0ab7ce4de779f8e7ce5066975f9ef6a4
SHA256

fcc4b5aae15a02561d00036c6924011e45acefb0eccbcd4c88ec1c9e7bd04821
SHA512

db84c03a4c4badef841729d06f6ceeecec4a3f554a60b48d7c50eb6c2a866cd32f8d8f9405cc0b4146af20c0d2720b2458e5803b1bbdf0099f339f90542328c6
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xzp0oj67Jg:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3016	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
1092	812ecd245c7309exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
1092	812ecd245c7309exeexeexeex.exe
3016	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1092 wrote to memory of 3016	1092	812ecd245c7309exeexeexeex.exe	27
PID 1092 wrote to memory of 3016	1092	812ecd245c7309exeexeexeex.exe	27
PID 1092 wrote to memory of 3016	1092	812ecd245c7309exeexeexeex.exe	27
PID 1092 wrote to memory of 3016	1092	812ecd245c7309exeexeexeex.exe	27

C:\Users\Admin\AppData\Local\Temp\812ecd245c7309exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\812ecd245c7309exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:1092
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:3016

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
57KB

MD5
a371a65361464019b7f5fe0215d57706

SHA1
a4bf17e3c5838fac49bf0b3afb194127180a04b4

SHA256
117bfc74606d03ef7797499a0e57ee25cd64100815f9a5d9604f5761bcfa745f

SHA512
e7e8ef07f31ef9e5e0701fc4359ef7341b11150ebd38d279f63855076e2a1b22788aa46e221f13b352ef2d085852a6a16692a8d7c9aa94dd3f96f6e9c4a17869

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
57KB

MD5
a371a65361464019b7f5fe0215d57706

SHA1
a4bf17e3c5838fac49bf0b3afb194127180a04b4

SHA256
117bfc74606d03ef7797499a0e57ee25cd64100815f9a5d9604f5761bcfa745f

SHA512
e7e8ef07f31ef9e5e0701fc4359ef7341b11150ebd38d279f63855076e2a1b22788aa46e221f13b352ef2d085852a6a16692a8d7c9aa94dd3f96f6e9c4a17869

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
57KB

MD5
a371a65361464019b7f5fe0215d57706

SHA1
a4bf17e3c5838fac49bf0b3afb194127180a04b4

SHA256
117bfc74606d03ef7797499a0e57ee25cd64100815f9a5d9604f5761bcfa745f

SHA512
e7e8ef07f31ef9e5e0701fc4359ef7341b11150ebd38d279f63855076e2a1b22788aa46e221f13b352ef2d085852a6a16692a8d7c9aa94dd3f96f6e9c4a17869

Download Submit
memory/1092-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/1092-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download