38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294

Analysis

max time kernel
120s
max time network
124s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
03-09-2023 08:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe
Size

11.9MB
MD5

45b8d16bc0f7c71381ab9eac0a806000
SHA1

81bb3f365db3f980c401dfffad302f91eabf9385
SHA256

38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294
SHA512

b3eb2c25449cacc485082f901b6836aec11ee150ac2b80cc5893e384658401537a11f2cc90fe423395edeae826a3276ef4ab7fc788fa7d1586b0231508ebb294
SSDEEP

196608:C4xGNAQuyQhJTJglVToqCYcvAJa3ZTGS1yHZeIsexikPDvh3ERy2PIbHur7+sY4o:p4NDu/Jg5CYMwHZ9/bPD5R8Sur7FVPYP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2192	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2792	38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe
2192	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2792 wrote to memory of 2192	2792	38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe	28
PID 2792 wrote to memory of 2192	2792	38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe	28
PID 2792 wrote to memory of 2192	2792	38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe	28
PID 2792 wrote to memory of 2192	2792	38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe	28

C:\Users\Admin\AppData\Local\Temp\38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe
"C:\Users\Admin\AppData\Local\Temp\38f3cb9ec9e4a14b3386270766b78211581af0fcc05a77d0cf18cc72525ba294.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2792
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe

Filesize
12.0MB

MD5
f804d76198e868034fab7535370de078

SHA1
53a973aac80384e2e23a00a5b8a5c0c2b1b10ad1

SHA256
1cee6a0b7d7c0c8478d2d1533a2d2644f8a761e0f194a15b43f7e8dbeeee5272

SHA512
774a3d5c1deb1a89a56fe3715e0aa0168d66abb2ed56c0f2976625d7e64fb85c7933dd30384914398d0e154de0f08e1ffea4dcd157a65b2390177038dd83873e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe

Filesize
12.0MB

MD5
f804d76198e868034fab7535370de078

SHA1
53a973aac80384e2e23a00a5b8a5c0c2b1b10ad1

SHA256
1cee6a0b7d7c0c8478d2d1533a2d2644f8a761e0f194a15b43f7e8dbeeee5272

SHA512
774a3d5c1deb1a89a56fe3715e0aa0168d66abb2ed56c0f2976625d7e64fb85c7933dd30384914398d0e154de0f08e1ffea4dcd157a65b2390177038dd83873e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\main.exe

Filesize
12.0MB

MD5
f804d76198e868034fab7535370de078

SHA1
53a973aac80384e2e23a00a5b8a5c0c2b1b10ad1

SHA256
1cee6a0b7d7c0c8478d2d1533a2d2644f8a761e0f194a15b43f7e8dbeeee5272

SHA512
774a3d5c1deb1a89a56fe3715e0aa0168d66abb2ed56c0f2976625d7e64fb85c7933dd30384914398d0e154de0f08e1ffea4dcd157a65b2390177038dd83873e

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\python311.dll

Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit