Analysis
-
max time kernel
86s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231020-en -
resource tags
-
submitted
18/11/2023, 13:58
General
-
Target
file.exe
-
Size
1.3MB
-
MD5
31649bfbf442047c376f0640cb5f05f9
-
SHA1
428875a253c472e864df3689539a89d84f5f0b4b
-
SHA256
a80acf810711133abacbbc253434146e77b12c111abf18d727716ecf93cdfb50
-
SHA512
d3604cd1aedbf82293ad6d39f8441b567ba793c77bd1253d3fab9bbdb663d8a8dcaf514d16dcb19a165c30ee97d18420132118b9157b7caf93237e59a321cc97
-
SSDEEP
24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJgrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TIrK5Zln2i6
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST2⤵
- Creates scheduled task(s)
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD531649bfbf442047c376f0640cb5f05f9
SHA1428875a253c472e864df3689539a89d84f5f0b4b
SHA256a80acf810711133abacbbc253434146e77b12c111abf18d727716ecf93cdfb50
SHA512d3604cd1aedbf82293ad6d39f8441b567ba793c77bd1253d3fab9bbdb663d8a8dcaf514d16dcb19a165c30ee97d18420132118b9157b7caf93237e59a321cc97