Analysis
-
max time kernel
149s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
20/11/2023, 18:24
General
-
Target
file.exe
-
Size
1.3MB
-
MD5
69f23f97b1191972b5d15ef501bbe343
-
SHA1
d794d7c041cbb22bd9ada979081013b739779226
-
SHA256
53a468e47ec24c4415be30db04c716e565486b76b92aebce9df7ab63825ee11f
-
SHA512
18034faff7744b6eba11bb0b1320da3db0d7153c04d3df71b5343b0dd8521749daa6af40e150437149a1f8c7cebaf2ff81fa98ceca97ad4bb9c608f3bb626aa9
-
SSDEEP
24576:NmmEs2wqfcRBxJCBEmAMpCOJMbgp2kvB1Pj5R+d3ThJgrU35Zln2i6:8dw/IyPxbgp2iB1Pju3TIrK5Zln2i6
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST2⤵
- Creates scheduled task(s)
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD569f23f97b1191972b5d15ef501bbe343
SHA1d794d7c041cbb22bd9ada979081013b739779226
SHA25653a468e47ec24c4415be30db04c716e565486b76b92aebce9df7ab63825ee11f
SHA51218034faff7744b6eba11bb0b1320da3db0d7153c04d3df71b5343b0dd8521749daa6af40e150437149a1f8c7cebaf2ff81fa98ceca97ad4bb9c608f3bb626aa9