43cdf3115af291203532ee5b830f5dbf1d7dec693de559a7491827f538efd555

Analysis

max time kernel
150s
max time network
154s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
09/07/2023, 15:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b2a6df014fe06aexeexeexeex.exe
Size

64KB
MD5

b2a6df014fe06af18f5a5bce6243206c
SHA1

f056963beb271258e2baff79ced8cd2e82960066
SHA256

43cdf3115af291203532ee5b830f5dbf1d7dec693de559a7491827f538efd555
SHA512

575313e5b07ba4a0fbca6191d2fd344930fa5863f548807bafe2c40bbf94c831c2fb88b84e52cbd522223f63a583e43c26576e333d361fc633bf176fdcf48535
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xo3/nyxEK:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2328	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
2388	b2a6df014fe06aexeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2388	b2a6df014fe06aexeexeexeex.exe
2328	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2388 wrote to memory of 2328	2388	b2a6df014fe06aexeexeexeex.exe	29
PID 2388 wrote to memory of 2328	2388	b2a6df014fe06aexeexeexeex.exe	29
PID 2388 wrote to memory of 2328	2388	b2a6df014fe06aexeexeexeex.exe	29
PID 2388 wrote to memory of 2328	2388	b2a6df014fe06aexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\b2a6df014fe06aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\b2a6df014fe06aexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2388
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2328

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
64KB

MD5
a352bd8e5bb096c41bff9fe05fc9e477

SHA1
8e01a2cee5f6d39ce30f2ac007313cba8f052fce

SHA256
5571b7e746f11e33e3b8bc0e3365d7d797c04ab39a4dca8875c630263e82f96c

SHA512
3ddc7a3610255bddd7dd6f05e8385735fa4ea3ffbe8728ece3148fec689f6327b4c2b1f9f1b930655f09d63dfb03f38f1fd248b9e46e26a7717909231f04011b

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
64KB

MD5
a352bd8e5bb096c41bff9fe05fc9e477

SHA1
8e01a2cee5f6d39ce30f2ac007313cba8f052fce

SHA256
5571b7e746f11e33e3b8bc0e3365d7d797c04ab39a4dca8875c630263e82f96c

SHA512
3ddc7a3610255bddd7dd6f05e8385735fa4ea3ffbe8728ece3148fec689f6327b4c2b1f9f1b930655f09d63dfb03f38f1fd248b9e46e26a7717909231f04011b

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
64KB

MD5
a352bd8e5bb096c41bff9fe05fc9e477

SHA1
8e01a2cee5f6d39ce30f2ac007313cba8f052fce

SHA256
5571b7e746f11e33e3b8bc0e3365d7d797c04ab39a4dca8875c630263e82f96c

SHA512
3ddc7a3610255bddd7dd6f05e8385735fa4ea3ffbe8728ece3148fec689f6327b4c2b1f9f1b930655f09d63dfb03f38f1fd248b9e46e26a7717909231f04011b

Download Submit
memory/2388-54-0x00000000002B0000-0x00000000002B6000-memory.dmp

Filesize
24KB

Download
memory/2388-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download