Analysis
-
max time kernel
145s -
max time network
131s -
platform
windows10-2004_x64 -
resource
win10v2004-20230703-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system -
submitted
28-07-2023 04:16
Static task
static1
Behavioral task
behavioral1
Sample
a0bfccb8cc68d350b02287d70507e70d.exe
Resource
win7-20230712-en
Behavioral task
behavioral2
Sample
a0bfccb8cc68d350b02287d70507e70d.exe
Resource
win10v2004-20230703-en
General
-
Target
a0bfccb8cc68d350b02287d70507e70d.exe
-
Size
274KB
-
MD5
a0bfccb8cc68d350b02287d70507e70d
-
SHA1
3b274838cd098c2f26ece2928300fe4f1e24a9d4
-
SHA256
d587be51aa8da3d6ec72c1c3ad9c24c04c5ef97d4da7f8edb9c0ae04f6e111ab
-
SHA512
2e697d859c3c40acf033b20716fd2ecf427dbd85db470fd42907090b17dd73b7ba2506a9c56836d75f9f52ffead67258c7fb24de03715293d63ba0c349ff8cec
-
SSDEEP
6144:PYa689fXW3LMiiTEqOyYKFEZWAQoAALLg6UM6KYUvjuyT2XH9PDD0:PYS9fXW+TEqdXkLg6YUrui2Xd7D0
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
pid   Process
5068  a0bfccb8cc68d350b02287d70507e70d.exe
-
Suspicious use of SetThreadContext 1 IoCs
description                          pid   Process                               procid_target
PID 5068 set thread context of 2544  5068  a0bfccb8cc68d350b02287d70507e70d.exe  85
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid   Process
2544  a0bfccb8cc68d350b02287d70507e70d.exe
2544  a0bfccb8cc68d350b02287d70507e70d.exe
-
Suspicious behavior: MapViewOfSection 1 IoCs
pid   Process
5068  a0bfccb8cc68d350b02287d70507e70d.exe
-
Suspicious use of WriteProcessMemory 4 IoCs
description                     pid   Process                               procid_target
PID 5068 wrote to memory of 2544  5068  a0bfccb8cc68d350b02287d70507e70d.exe  85
PID 5068 wrote to memory of 2544  5068  a0bfccb8cc68d350b02287d70507e70d.exe  85
PID 5068 wrote to memory of 2544  5068  a0bfccb8cc68d350b02287d70507e70d.exe  85
PID 5068 wrote to memory of 2544  5068  a0bfccb8cc68d350b02287d70507e70d.exe  85
Processes
-
C:\Users\Admin\AppData\Local\Temp\a0bfccb8cc68d350b02287d70507e70d.exe "C:\Users\Admin\AppData\Local\Temp\a0bfccb8cc68d350b02287d70507e70d.exe"
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:5068 -
  C:\Users\Admin\AppData\Local\Temp\a0bfccb8cc68d350b02287d70507e70d.exe "C:\Users\Admin\AppData\Local\Temp\a0bfccb8cc68d350b02287d70507e70d.exe"
- Suspicious behavior: EnumeratesProcesses
PID:2544
-
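The signature rows above (SetThreadContext, MapViewOfSection and four WriteProcessMemory calls from PID 5068 into its own child 2544, launched from the same image) are the classic footprint of process hollowing. The following is an added example, not part of the sandbox report or its scoring rules: the IoC rows and process tree are re-typed from the sections above as constructed input, and the grouping logic, verdict labels and the ATT&CK technique IDs are this example's own assumptions (the page shows only the MITRE ATT&CK section header).

```python
"""Correlate sandbox IoC rows into a process-injection chain.

Added example, not part of the sandbox report: the rows below are re-typed
from the Signatures and Processes sections above; the grouping rules, the
verdict labels and the ATT&CK mapping are this example's own assumptions.
"""
from dataclasses import dataclass, field

IMAGE = r"C:\Users\Admin\AppData\Local\Temp\a0bfccb8cc68d350b02287d70507e70d.exe"

# Constructed from the report's IoC rows: (api, acting pid, target pid).
# MapViewOfSection is reported per process with no target, hence None.
IOC_ROWS = [
    ("SetThreadContext", 5068, 2544),
    ("MapViewOfSection", 5068, None),
    ("WriteProcessMemory", 5068, 2544),
    ("WriteProcessMemory", 5068, 2544),
    ("WriteProcessMemory", 5068, 2544),
    ("WriteProcessMemory", 5068, 2544),
]

# Constructed from the report's process tree: pid -> (parent pid, image path).
PROCESS_TREE = {
    5068: (None, IMAGE),
    2544: (5068, IMAGE),
}

# Assumed mapping to ATT&CK Enterprise; the report shows only the section header.
ATTACK_IDS = {
    "hollowing-self-child": "T1055.012",  # Process Injection: Process Hollowing
    "hollowing-child": "T1055.012",
    "remote-injection": "T1055",          # Process Injection (unspecified sub-technique)
}


@dataclass
class Chain:
    source: int
    target: int
    apis: set = field(default_factory=set)
    write_count: int = 0


def build_chains(rows):
    """Group cross-process API rows by (source, target) and fold targetless
    rows (MapViewOfSection) into every chain whose source pid matches.
    Attributing the section mapping to the chain is an assumption."""
    chains = {}
    for api, pid, target in rows:
        if target is None:
            continue
        chain = chains.setdefault((pid, target), Chain(pid, target))
        chain.apis.add(api)
        if api == "WriteProcessMemory":
            chain.write_count += 1
    for api, pid, target in rows:
        if target is None:
            for (src, _), chain in chains.items():
                if src == pid:
                    chain.apis.add(api)
    return chains


def classify(chain, tree):
    """Verdict for one chain. Writing another process's memory plus
    SetThreadContext on it is the minimum for hollowing-style injection;
    the parent/child and same-image checks separate a process that relaunches
    and rewrites its own image from injection into an unrelated target."""
    if not {"WriteProcessMemory", "SetThreadContext"} <= chain.apis:
        return "insufficient"
    parent, target_image = tree.get(chain.target, (None, None))
    _, source_image = tree.get(chain.source, (None, None))
    if parent == chain.source and target_image == source_image:
        return "hollowing-self-child"
    if parent == chain.source:
        return "hollowing-child"
    return "remote-injection"


def analyze(rows=IOC_ROWS, tree=PROCESS_TREE):
    """Return {(source, target): (verdict, attack_id, write_count)}."""
    result = {}
    for key, chain in build_chains(rows).items():
        verdict = classify(chain, tree)
        result[key] = (verdict, ATTACK_IDS.get(verdict), chain.write_count)
    return result


if __name__ == "__main__":
    for (src, tgt), (verdict, tid, writes) in analyze().items():
        print(f"{src} -> {tgt}: {verdict} ({tid}), {writes} WriteProcessMemory calls")
```

On the report's rows this yields one chain, 5068 -> 2544, classified as self-hollowing with four memory writes. The same-image check matters for triage: a parent rewriting a suspended copy of itself is almost never legitimate, whereas WriteProcessMemory into a different child image also occurs with debuggers and some installers, so that case is kept as a weaker verdict.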
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
49KB
MD5 9da370474c2a7427495e83bed70b87ab
SHA1 de2b22ba5cf618e0fc6ff30a8927820f1544068a
SHA256 9cba1183ed6a9a89a34805730da01edaed2026b3d3cad0e3ef9710fbeb3ec442
SHA512 bc736a5dcf5d6e227773dd59747eeb0f0035f09bc93bb85d9dc78c48e1fa62a17cef3f200102a47b94fe868020caf52aa0e3cc93b93d26db483b46e5f7aef54a