b76080d069eb6c4f941b61154852d2000dd53db0f120827b81643f0dd9480c4e

Resubmissions

10-07-2023 09:41

230710-ln791sae9y 10

10-07-2023 09:39

230710-lmwjtsae8y 10

Analysis

max time kernel
91s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
10-07-2023 09:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WESTERN.exe
Size

2.3MB
MD5

edf847cfbfe0ba4c161c815c16a73195
SHA1

e7d8eb262eeb5a7f31bd4673d066bdf42761e90a
SHA256

3b4a299904bd4683c3043b0ca84553eb9e55d6c5450e0346f0456e3fd6bffb65
SHA512

a6aa8e181fba031d543a6125f6b9ee286a4c6c9829185b56cfeabb07103438573dab1ffe8e9afa97f7beef8a8d018239381d8daf3bf5525b2364317bdcad8884
SSDEEP

49152:LkWk5cS7a+9XYaQaZehc4mTYJ78V9gyBn4c3fmP/SA8N:TajJRZ942KQV9hp4MfmP/SA8

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

WESTERN.exeWESTERN.exeWESTERN.exe

pid process

2412 WESTERN.exe
2412 WESTERN.exe
2412 WESTERN.exe
4472 WESTERN.exe
4472 WESTERN.exe
4472 WESTERN.exe
1132 WESTERN.exe
1132 WESTERN.exe
1132 WESTERN.exe

pid	process
2412	WESTERN.exe
2412	WESTERN.exe
2412	WESTERN.exe
4472	WESTERN.exe
4472	WESTERN.exe
4472	WESTERN.exe
1132	WESTERN.exe
1132	WESTERN.exe
1132	WESTERN.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

WESTERN.exeWESTERN.exeWESTERN.exe

description	pid	process	target process
PID 2412 wrote to memory of 2320	2412	WESTERN.exe	cmd.exe
PID 2412 wrote to memory of 2320	2412	WESTERN.exe	cmd.exe
PID 2412 wrote to memory of 2320	2412	WESTERN.exe	cmd.exe
PID 4472 wrote to memory of 4868	4472	WESTERN.exe	cmd.exe
PID 4472 wrote to memory of 4868	4472	WESTERN.exe	cmd.exe
PID 4472 wrote to memory of 4868	4472	WESTERN.exe	cmd.exe
PID 1132 wrote to memory of 2088	1132	WESTERN.exe	cmd.exe
PID 1132 wrote to memory of 2088	1132	WESTERN.exe	cmd.exe
PID 1132 wrote to memory of 2088	1132	WESTERN.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\WESTERN.exe
"C:\Users\Admin\AppData\Local\Temp\WESTERN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2320

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\WESTERN.exe
"C:\Users\Admin\AppData\Local\Temp\WESTERN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:4868

C:\Users\Admin\AppData\Local\Temp\WESTERN.exe
"C:\Users\Admin\AppData\Local\Temp\WESTERN.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c C:\Users\Admin\AppData\Local\Temp\
  2⤵
  PID:2088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads