cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
24/07/2023, 09:41

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe
Size

702KB
MD5

8555b5c76fadff58dddec3d0ce9e1ce0
SHA1

4ebec9a598d3e0d9f23043dcc365de58d89f5769
SHA256

cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0
SHA512

96631a2b7af42f81097c8df704e7e49f6d5e1fbc18588ad259ea9a6e7c1101e6afd09f1639513cc8850ee702c9f1a1818cfb1f8a3251a0441070fcf23879839e
SSDEEP

12288:DGHCnaomAEg3uPdkgOX+tZdxQ6Vi+UXcl8aQktL1Kozg5ShgIM:DGHCm8uPdJFd/VizcFQkD786g5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2516	logtool.exe

Loads dropped DLL 3 IoCs

pid	Process
1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe
1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe
1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 2516	1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe	28
PID 1784 wrote to memory of 2516	1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe	28
PID 1784 wrote to memory of 2516	1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe	28
PID 1784 wrote to memory of 2516	1784	cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe	28

C:\Users\Admin\AppData\Local\Temp\cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe
"C:\Users\Admin\AppData\Local\Temp\cfbe869ac043125bcf7609cb6d040263abc416349c35dd72db8a3753d68893d0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe"
  2⤵
  - Executes dropped EXE
  PID:2516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe

Filesize
1000KB

MD5
8d69bd660b6991c9734a0ad3c0bfb937

SHA1
d6a6099865ca9aef6b8d9f97aae918eb21f6317c

SHA256
034ee7b9f76cc798239dbf4eb94b0558630223f5d1e5855c87a5951c835edf11

SHA512
6ade5f49a7c07e4a4df304093411a72a4d263792726c0fe916de99e0e9d41021be1bd0e9f25293d5797088ac2480fdcc1d9563c5971334ccf905fa65702b76f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe

Filesize
1000KB

MD5
8d69bd660b6991c9734a0ad3c0bfb937

SHA1
d6a6099865ca9aef6b8d9f97aae918eb21f6317c

SHA256
034ee7b9f76cc798239dbf4eb94b0558630223f5d1e5855c87a5951c835edf11

SHA512
6ade5f49a7c07e4a4df304093411a72a4d263792726c0fe916de99e0e9d41021be1bd0e9f25293d5797088ac2480fdcc1d9563c5971334ccf905fa65702b76f2

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe

Filesize
1000KB

MD5
8d69bd660b6991c9734a0ad3c0bfb937

SHA1
d6a6099865ca9aef6b8d9f97aae918eb21f6317c

SHA256
034ee7b9f76cc798239dbf4eb94b0558630223f5d1e5855c87a5951c835edf11

SHA512
6ade5f49a7c07e4a4df304093411a72a4d263792726c0fe916de99e0e9d41021be1bd0e9f25293d5797088ac2480fdcc1d9563c5971334ccf905fa65702b76f2

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe

Filesize
1000KB

MD5
8d69bd660b6991c9734a0ad3c0bfb937

SHA1
d6a6099865ca9aef6b8d9f97aae918eb21f6317c

SHA256
034ee7b9f76cc798239dbf4eb94b0558630223f5d1e5855c87a5951c835edf11

SHA512
6ade5f49a7c07e4a4df304093411a72a4d263792726c0fe916de99e0e9d41021be1bd0e9f25293d5797088ac2480fdcc1d9563c5971334ccf905fa65702b76f2

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\logtool.exe

Filesize
1000KB

MD5
8d69bd660b6991c9734a0ad3c0bfb937

SHA1
d6a6099865ca9aef6b8d9f97aae918eb21f6317c

SHA256
034ee7b9f76cc798239dbf4eb94b0558630223f5d1e5855c87a5951c835edf11

SHA512
6ade5f49a7c07e4a4df304093411a72a4d263792726c0fe916de99e0e9d41021be1bd0e9f25293d5797088ac2480fdcc1d9563c5971334ccf905fa65702b76f2

Download Submit