5391070e7ff41bdb5e8370dc9662c877adfe32a1b56a5450d17da73ef95f9c51

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11-07-2023 16:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc7ca297a9bfb1exeexeexeex.exe
Size

63KB
MD5

fc7ca297a9bfb1ba15de96fe2340c43e
SHA1

beb4044de73d2ce34fbe922dd69aa9466a653e27
SHA256

5391070e7ff41bdb5e8370dc9662c877adfe32a1b56a5450d17da73ef95f9c51
SHA512

ede12b1046ebaaed114364d2bcfafaa0ded2c832c3fffd13c0a8ca1f44f003c9069babcc43ab504c79c77d34aa1d953a44651a9dc81a8ca9853503e545799e7c
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1xo3/nyxV2N:aq7tdgI2MyzNORQtOflIwoHNV2XBFV75

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1344	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
2948	fc7ca297a9bfb1exeexeexeex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
2948	fc7ca297a9bfb1exeexeexeex.exe
1344	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1344	2948	fc7ca297a9bfb1exeexeexeex.exe	28
PID 2948 wrote to memory of 1344	2948	fc7ca297a9bfb1exeexeexeex.exe	28
PID 2948 wrote to memory of 1344	2948	fc7ca297a9bfb1exeexeexeex.exe	28
PID 2948 wrote to memory of 1344	2948	fc7ca297a9bfb1exeexeexeex.exe	28

C:\Users\Admin\AppData\Local\Temp\fc7ca297a9bfb1exeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\fc7ca297a9bfb1exeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:1344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
a227e16a2237cbaa9bcd46f31aa65416

SHA1
516267688fc129c0474e00ac870449ed61c382d6

SHA256
519f0475d35ecdb6ed4703588ff447ed9a7cda6cdc49c6cd91486432cf2219d6

SHA512
3a0b2c0d90f82dc962756d83b629060ff4b0da587306776c93fe9282b1b17319ae34989ffa846c8045436403aa7e5cb42d0eee357de9d6560a9c1480ef925cc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
a227e16a2237cbaa9bcd46f31aa65416

SHA1
516267688fc129c0474e00ac870449ed61c382d6

SHA256
519f0475d35ecdb6ed4703588ff447ed9a7cda6cdc49c6cd91486432cf2219d6

SHA512
3a0b2c0d90f82dc962756d83b629060ff4b0da587306776c93fe9282b1b17319ae34989ffa846c8045436403aa7e5cb42d0eee357de9d6560a9c1480ef925cc3

Download Submit
\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
63KB

MD5
a227e16a2237cbaa9bcd46f31aa65416

SHA1
516267688fc129c0474e00ac870449ed61c382d6

SHA256
519f0475d35ecdb6ed4703588ff447ed9a7cda6cdc49c6cd91486432cf2219d6

SHA512
3a0b2c0d90f82dc962756d83b629060ff4b0da587306776c93fe9282b1b17319ae34989ffa846c8045436403aa7e5cb42d0eee357de9d6560a9c1480ef925cc3

Download Submit
memory/2948-54-0x00000000001C0000-0x00000000001C6000-memory.dmp

Filesize
24KB

Download
memory/2948-55-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download