Overview

overview

7

Static

static

3

1f24e56bf5...f2.exe

windows7-x64

7

1f24e56bf5...f2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    18/11/2023, 23:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe

  • Size

    508KB

  • MD5

    05bbdace6e91be582fd85146c90c8008

  • SHA1

    909625e968ffc5ac104cc5ac3d69c9f14e8fa75d

  • SHA256

    1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2

  • SHA512

    565f205f1ae9cd044bf1823d9d545f32e4b1cd8b9f87740aab80c79d78b24171092abaefa288ba9955e736408198eb02763cc719062c385967b87f34f46ab180

  • SSDEEP

    6144:OW0J07EHxsWKKCbrZXDbI33z5P/kjguInr39tAOLPvI1ILz:V4CWKKCrZTGF/k8uMxtxPvvz

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 60 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe
    "C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:1564
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c del "C:\Users\Admin\AppData\Local\Temp\1f24e56bf5be1928bf36e397604098d1a8649f8ecc731f4fe3f7c56e9aecf9f2.exe"
      2⤵
      • Deletes itself
      PID:1624

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\tkjsidfsd
    Filesize

    48B

    MD5

    7c102d193a6fa1627ff5200946822793

    SHA1

    3003daf9399dd07ae937ff6310a4fe6fbc284ba3

    SHA256

    9f6cbd89a7e0cb12125469a5681ab1413637d19fc15a183c4e36ef722e86362e

    SHA512

    ccbaa53322c7ffca3b97dfbd6882876efb27d7d82cc937bb8552e6745cd9edea8151f08ddaf4469154134fd2fec94928d2d72178f34c56699a130e1b0cb142f9

    Download Submit

  • C:\Windows\tkjsidfsd
    Filesize

    121B

    MD5

    0655113a88bcb4015dccec5e70db357b

    SHA1

    e2ae05cb1e3ad9fd44ee247879ffe6c47298a4cb

    SHA256

    11158c8a8f13910db15ff6ea1f581357be9ac416898c3a0959e83c6d56c20e5e

    SHA512

    e9ee9cb01cb3d9d523eacd1505244b06a6c491ab4c72e05368dda2cd356f5696d65e4ad7d44c2baf61044ad5f137663349373f3aeab51de8d6fc9aa82b6aa565

    Download Submit

  • C:\Windows\tkjsidfsd
    Filesize

    24B

    MD5

    5eb710e815b613e71a6e12d949feed95

    SHA1

    c0ae89d164ddaab0590ed0ac6fbf34f83d710b16

    SHA256

    41b8f7995303f4d6e3f7ca92846b3054618ba011c798e81cd32d27727324c54d

    SHA512

    c2e13037e44b742b828a132eccab53f8632ae00ed05b88a076f42a5c1f5f14afb74cbdbf40fb57b030406554b5b7f3fab66446af78d3e2b5ac21ef48b04d273b

    Download Submit

  • C:\Windows\tkjsidfsd
    Filesize

    121B

    MD5

    0655113a88bcb4015dccec5e70db357b

    SHA1

    e2ae05cb1e3ad9fd44ee247879ffe6c47298a4cb

    SHA256

    11158c8a8f13910db15ff6ea1f581357be9ac416898c3a0959e83c6d56c20e5e

    SHA512

    e9ee9cb01cb3d9d523eacd1505244b06a6c491ab4c72e05368dda2cd356f5696d65e4ad7d44c2baf61044ad5f137663349373f3aeab51de8d6fc9aa82b6aa565

    Download Submit