Analysis
-
max time kernel
149s -
max time network
155s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
20-11-2023 05:45
General
-
Target
file.exe
-
Size
1.3MB
-
MD5
c565f5f06b8e4edd2c0a23272f4ca8e1
-
SHA1
70e4bc4979c64f985dd66aa0ae76d0fe77ce5814
-
SHA256
324fd27ad88e78d45943411efe7715775c36e2fff3f4469c9f44241fb1664e81
-
SHA512
811b145ce6123bb7f545c3bf9480dd68a1cb43bfc4e576cd98167e914247d8b0b9721a7959f2e5d75688790de38d72d6db9e4f55b195af785efaa6b28190383c
-
SSDEEP
24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJgrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TIrK5Zln2i6
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST2⤵
- Creates scheduled task(s)
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD5c565f5f06b8e4edd2c0a23272f4ca8e1
SHA170e4bc4979c64f985dd66aa0ae76d0fe77ce5814
SHA256324fd27ad88e78d45943411efe7715775c36e2fff3f4469c9f44241fb1664e81
SHA512811b145ce6123bb7f545c3bf9480dd68a1cb43bfc4e576cd98167e914247d8b0b9721a7959f2e5d75688790de38d72d6db9e4f55b195af785efaa6b28190383c