8fbf3a653290b90f6d247320f2f9b30626cd717854221396527c7ed723697c81

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe
Size

4.2MB
MD5

4119af0c5a12d6153e19514b4be993c4
SHA1

a6e176a47659cc969836f0a24a976c8e876df992
SHA256

15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80
SHA512

e024865e0a77abeff53399eed02de63817331a4a8456735158888f963851279629f683e812ebd54fd55a4ae40eb373be76a484643afd3607b12177f0552fcdac
SSDEEP

98304:M2ASSLBf4qBPJVpKcHFOmUt0TRHQiMAk2x7FPoBsQKEW9weIi4:M2OF4oBVpKcpUtUwig2xpPoWQKEWuef4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2856	wuachost.exe

Loads dropped DLL 2 IoCs

pid	Process
2516	15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe
2856	wuachost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2516 wrote to memory of 2856	2516	15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe	28
PID 2516 wrote to memory of 2856	2516	15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe	28
PID 2516 wrote to memory of 2856	2516	15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe	28

C:\Users\Admin\AppData\Local\Temp\15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe
"C:\Users\Admin\AppData\Local\Temp\15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2516
- C:\Users\Admin\AppData\Local\Temp\onefile_2516_133436238523710000\wuachost.exe
  "C:\Users\Admin\AppData\Local\Temp\15d874e24caf162bc58597ac5f22716694b5d43cf433bee6a78a0314280f2c80.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2516_133436238523710000\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2516_133436238523710000\wuachost.exe

Filesize
5.9MB

MD5
bea3d03f686c73622f08b1f0f8ec5b43

SHA1
b24fde3aa3d2c42f99d14c43f0348fb43c6e50b7

SHA256
4c09a012efff318b01a72199051815c5a7b920634fb6c76082673681f54f2ec3

SHA512
4fa6c23d46f7d64ffc55e263e01bb106cd46cf9a09bd023313d21afa6a7a36a36897decd664ab526f6afdbde5c0fa16237b3e65e5f4a88cf4aae8094aae69bf7

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2516_133436238523710000\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2516_133436238523710000\wuachost.exe

Filesize
5.9MB

MD5
bea3d03f686c73622f08b1f0f8ec5b43

SHA1
b24fde3aa3d2c42f99d14c43f0348fb43c6e50b7

SHA256
4c09a012efff318b01a72199051815c5a7b920634fb6c76082673681f54f2ec3

SHA512
4fa6c23d46f7d64ffc55e263e01bb106cd46cf9a09bd023313d21afa6a7a36a36897decd664ab526f6afdbde5c0fa16237b3e65e5f4a88cf4aae8094aae69bf7

Download Submit