6c303290e0afb4a55f02a89abd773d36611bb3886d239e6660bd7b172c287fe3

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
05/11/2023, 02:10

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe
Size

8.5MB
MD5

9c66d8fde4e6d395558182156e6fe298
SHA1

e59372a29c43af4d15ed77784547aae34d3a6bdc
SHA256

abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972
SHA512

bd7f1723126373de18bd54f49ef11a043c2f9b28145c62246ccf9c4485576cc2fff374f8abf1a556cecb0b72913e53d409c5b2ca4429777ef65f44434d298124
SSDEEP

196608:U8bWGiYJqu4Akw8QdZmPFWUnCVPxCa/uRF4ApDPS5b1:FWGtzL1POFrCtxV/8SSDY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	xxmruwvcgorkidkg.exe

Loads dropped DLL 2 IoCs

pid	Process
2428	abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe
2928	xxmruwvcgorkidkg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 2928	2428	abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe	28
PID 2428 wrote to memory of 2928	2428	abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe	28
PID 2428 wrote to memory of 2928	2428	abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe	28

C:\Users\Admin\AppData\Local\Temp\abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe
"C:\Users\Admin\AppData\Local\Temp\abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Users\Admin\AppData\Local\Temp\onefile_2428_133436238423212000\xxmruwvcgorkidkg.exe
  "C:\Users\Admin\AppData\Local\Temp\abac31b5527803a89c941cf24280a9653cdee898a7a338424bd3e9b15d792972.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2428_133436238423212000\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2428_133436238423212000\xxmruwvcgorkidkg.exe

Filesize
10.5MB

MD5
bdc119efae38ea528c10adbd4c9000e4

SHA1
57067dc15355c91fbbacf4f0f8b74555aae2dfd3

SHA256
663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33

SHA512
2b0c8bddbf8501262bd43dc3a856b7fd70c16dd1e06ff42588ee96fb9c8d2e3b49ba57f2fe0bbd5cca8239054ed4db5728a8750b81c8741436ae4363224b1415

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2428_133436238423212000\python310.dll

Filesize
4.3MB

MD5
c80b5cb43e5fe7948c3562c1fff1254e

SHA1
f73cb1fb9445c96ecd56b984a1822e502e71ab9d

SHA256
058925e4bbfcb460a3c00ec824b8390583baef0c780a7c7ff01d43d9eec45f20

SHA512
faa97a9d5d2a0bf78123f19f8657c24921b907268938c26f79e1df6d667f7bee564259a3a11022e8629996406cda9fa00434bb2b1de3e10b9bddc59708dbad81

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2428_133436238423212000\xxmruwvcgorkidkg.exe

Filesize
10.5MB

MD5
bdc119efae38ea528c10adbd4c9000e4

SHA1
57067dc15355c91fbbacf4f0f8b74555aae2dfd3

SHA256
663ac2d887df18e6da97dd358ebd2bca55404fd4a1c8c1c51215834fc6d11b33

SHA512
2b0c8bddbf8501262bd43dc3a856b7fd70c16dd1e06ff42588ee96fb9c8d2e3b49ba57f2fe0bbd5cca8239054ed4db5728a8750b81c8741436ae4363224b1415

Download Submit