7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295

Analysis

max time kernel
138s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
07-08-2023 07:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe
Size

2.9MB
MD5

4b4713326dc3126966eeb29738bb9771
SHA1

6000a592a58cf4527ed637ffbe6315cf296ea4ca
SHA256

7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295
SHA512

ab915461894b039093e2c81093328a400b6be6e06a00fff94954cf1a4465fae74e87a9745ac0883f6ead8c1a4041fd5fc0ad77ac70b9c108b2360c123a236ae5
SSDEEP

49152:xWhlkLBfJXAEX8CWFd+TnwFsEd99wfEpO+roZ8504PHwLEiIBvJpp+:xWhl0BfKEZYd+TwFsvKNrsCMEiIB0

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
1388	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 1388	4028	7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe	82
PID 4028 wrote to memory of 1388	4028	7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe	82
PID 4028 wrote to memory of 1388	4028	7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe	82

C:\Users\Admin\AppData\Local\Temp\7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe
"C:\Users\Admin\AppData\Local\Temp\7c9e01fc81c9763ba0e2a344d04cc8da26884813ba394e4b837c4374a2131295.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" RJA4mp.AXN -s
  2⤵
  - Loads dropped DLL
  PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RJA4mp.AXN

Filesize
2.3MB

MD5
e6fe0ead3317ebdf2ad8665e49668ec8

SHA1
03f0c3c242ee0639da809209be5956939c937460

SHA256
a831a454ca5bf0ee3ae313f8c39eae4f5351e97ab31d8c7ecbc175eb443f1286

SHA512
61f09472f6ef52072775d024fbf7349ccb2d840932b241104095f6020e7d9b1689ae010040ba8344d09f5de31194c4c127a13eada7ba0d31d8bc1f4b4cf064e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\rJA4mp.axN

Filesize
2.3MB

MD5
e6fe0ead3317ebdf2ad8665e49668ec8

SHA1
03f0c3c242ee0639da809209be5956939c937460

SHA256
a831a454ca5bf0ee3ae313f8c39eae4f5351e97ab31d8c7ecbc175eb443f1286

SHA512
61f09472f6ef52072775d024fbf7349ccb2d840932b241104095f6020e7d9b1689ae010040ba8344d09f5de31194c4c127a13eada7ba0d31d8bc1f4b4cf064e3

Download Submit
memory/1388-137-0x0000000002640000-0x0000000002646000-memory.dmp

Filesize
24KB

Download
memory/1388-138-0x0000000000400000-0x0000000000644000-memory.dmp

Filesize
2.3MB

Download
memory/1388-140-0x0000000002AE0000-0x0000000002BD7000-memory.dmp

Filesize
988KB

Download
memory/1388-141-0x0000000002BE0000-0x0000000002CBE000-memory.dmp

Filesize
888KB

Download
memory/1388-144-0x0000000002BE0000-0x0000000002CBE000-memory.dmp

Filesize
888KB

Download
memory/1388-145-0x0000000002BE0000-0x0000000002CBE000-memory.dmp

Filesize
888KB

Download