774e7d9415332aa93b9bce9c07e6b5a35cfc76415e3374fe3e43a8a4b1069dc2

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
22-11-2023 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b1c5d1df54caccaa15cdf8dfc0a10e8.exe
Size

7.0MB
MD5

0b1c5d1df54caccaa15cdf8dfc0a10e8
SHA1

9410b04e4f18d01e92e12dbc303723ae29e38906
SHA256

774e7d9415332aa93b9bce9c07e6b5a35cfc76415e3374fe3e43a8a4b1069dc2
SHA512

c4c86b0123efb6444070cdbdefaff1296635e51ac7909f1f785bf6f611e15c28faa51a137b3c7ce08b0fee46f559441b31d6c70f8fd8d3a506bda74fbd471665
SSDEEP

196608:SPPRaqUELMPXjzIk05JjbjBked6QULkNW3G0hrTW9e:SPPpUpPXjUV5JHNk4tU/3G0FTW9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2672	test.exe

Loads dropped DLL 2 IoCs

pid	Process
1528	0b1c5d1df54caccaa15cdf8dfc0a10e8.exe
2672	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 2672	1528	0b1c5d1df54caccaa15cdf8dfc0a10e8.exe	29
PID 1528 wrote to memory of 2672	1528	0b1c5d1df54caccaa15cdf8dfc0a10e8.exe	29
PID 1528 wrote to memory of 2672	1528	0b1c5d1df54caccaa15cdf8dfc0a10e8.exe	29

C:\Users\Admin\AppData\Local\Temp\0b1c5d1df54caccaa15cdf8dfc0a10e8.exe
"C:\Users\Admin\AppData\Local\Temp\0b1c5d1df54caccaa15cdf8dfc0a10e8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Users\Admin\AppData\Local\Temp\onefile_1528_133450885962104000\test.exe
  "C:\Users\Admin\AppData\Local\Temp\0b1c5d1df54caccaa15cdf8dfc0a10e8.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1528_133450885962104000\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1528_133450885962104000\test.exe

Filesize
8.8MB

MD5
c211b1d32f59fee2a31d58d7d0eb2d35

SHA1
842b694d7bbab55aeef8c3bec5b8a2b1d3043fb2

SHA256
f19306a9e668c0c882b5d2ca5af9ed179158406588b4609e2d06a24b45186418

SHA512
4ac3bf043d238b9d02db67a0306e24b2ca3081fa9a24bd2bcdc644f718730b90611c324c7694cd47a47a4d22833b68969ea22b127438fe65d079bff76eda7528

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1528_133450885962104000\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1528_133450885962104000\test.exe

Filesize
8.8MB

MD5
c211b1d32f59fee2a31d58d7d0eb2d35

SHA1
842b694d7bbab55aeef8c3bec5b8a2b1d3043fb2

SHA256
f19306a9e668c0c882b5d2ca5af9ed179158406588b4609e2d06a24b45186418

SHA512
4ac3bf043d238b9d02db67a0306e24b2ca3081fa9a24bd2bcdc644f718730b90611c324c7694cd47a47a4d22833b68969ea22b127438fe65d079bff76eda7528

Download Submit
memory/1528-49-0x000000013FDA0000-0x00000001404C0000-memory.dmp

Filesize
7.1MB

Download
memory/2672-27-0x000000013FC70000-0x0000000140554000-memory.dmp

Filesize
8.9MB

Download