749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953

Analysis

max time kernel
117s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06-08-2023 16:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe
Size

2.8MB
MD5

e94a7e81c6dc75390b97d9ba7328ad3e
SHA1

69e2ad167bf2fe7b7835dc2ac360884b2d24136f
SHA256

749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953
SHA512

cb18a7a03ec3d6f56209ae6ebb9b9867915e535eb10960491c1bca22d710eb416cc1467a4c015c2996af4ff6d2829b48becc3fac05e095a8aa57925382f36b22
SSDEEP

49152:rLLKaR7IUlO7XV8pjgoc5yseJC6kanaB7ch5KS9obSuw6/+tiTJLgblW0ijoBEpg:r3REUlO7FAjrJjkaQch55sSx3uJMW0iE

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2680	msiexec.exe
2680	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 2680	744	749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe	80
PID 744 wrote to memory of 2680	744	749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe	80
PID 744 wrote to memory of 2680	744	749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe	80

C:\Users\Admin\AppData\Local\Temp\749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe
"C:\Users\Admin\AppData\Local\Temp\749f7c6beb07b473372afb887978a826b029529f12aa3826253519fc759bc953.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /y .\8W8L2e.M
  2⤵
  - Loads dropped DLL
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8W8L2e.M

Filesize
2.3MB

MD5
0926dd2580bb81c5882d8debc82e34d6

SHA1
5e687c30048d1f42c01733f1ccc0e233026e6745

SHA256
b2fdb695f6390af6e0778a6d485ce9cc90ee48cf5fff52a8491ffb671bb4a765

SHA512
c259c27e408a89c10dd1b9ca65944d708bbcfa23054f0c69eb67525ddd90e602f4e62e846db3c057ff9e7ebddd1791d971a59e04b95157dd3c7c1fd8166193ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\8w8L2e.M

Filesize
2.3MB

MD5
0926dd2580bb81c5882d8debc82e34d6

SHA1
5e687c30048d1f42c01733f1ccc0e233026e6745

SHA256
b2fdb695f6390af6e0778a6d485ce9cc90ee48cf5fff52a8491ffb671bb4a765

SHA512
c259c27e408a89c10dd1b9ca65944d708bbcfa23054f0c69eb67525ddd90e602f4e62e846db3c057ff9e7ebddd1791d971a59e04b95157dd3c7c1fd8166193ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\8w8L2e.M

Filesize
2.3MB

MD5
0926dd2580bb81c5882d8debc82e34d6

SHA1
5e687c30048d1f42c01733f1ccc0e233026e6745

SHA256
b2fdb695f6390af6e0778a6d485ce9cc90ee48cf5fff52a8491ffb671bb4a765

SHA512
c259c27e408a89c10dd1b9ca65944d708bbcfa23054f0c69eb67525ddd90e602f4e62e846db3c057ff9e7ebddd1791d971a59e04b95157dd3c7c1fd8166193ea

Download Submit
memory/2680-138-0x00000000024B0000-0x00000000026FD000-memory.dmp

Filesize
2.3MB

Download
memory/2680-139-0x0000000000660000-0x0000000000666000-memory.dmp

Filesize
24KB

Download
memory/2680-140-0x00000000024B0000-0x00000000026FD000-memory.dmp

Filesize
2.3MB

Download
memory/2680-142-0x0000000002A70000-0x0000000002B71000-memory.dmp

Filesize
1.0MB

Download
memory/2680-143-0x0000000002B80000-0x0000000002C69000-memory.dmp

Filesize
932KB

Download
memory/2680-144-0x0000000002B80000-0x0000000002C69000-memory.dmp

Filesize
932KB

Download
memory/2680-146-0x0000000002B80000-0x0000000002C69000-memory.dmp

Filesize
932KB

Download
memory/2680-147-0x0000000002B80000-0x0000000002C69000-memory.dmp

Filesize
932KB

Download