Analysis
-
max time kernel
41s -
max time network
18s -
platform
windows7_x64 -
resource
win7-20231020-en -
resource tags
-
submitted
27-11-2023 06:23
General
-
Target
Device/HarddiskVolume4/OneP/oneP.exe
-
Size
236KB
-
MD5
451c7f753f6ab2a9f5ef0a96426fbd4c
-
SHA1
416090ae3ba444248e1305713374f35b9fa7b0f8
-
SHA256
b63934eb58efbd0a2684c466ef4b27f448677ab03296acdd5a1181b19c51c4d8
-
SHA512
66155d24e67201beb6fac42138fe36abf5b9b7d14ba058eb7debac082479acbd69993b1f16a05bad040e6209e95beaeb7eb0ff2d7cf7b998562fb0f0fdb38d11
-
SSDEEP
3072:Fq6+ouCpk2mpcWJ0r+QNTBfSQxRzKc+UJ62FDNFRttBQ1BGhRhoGqGbqQh8hht7A:Fldk1cWQRNTB62L+Uo0DNXIh8TB
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 13 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\OneP\oneP.exe"C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\OneP\oneP.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exe"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3756.tmp\3757.tmp\3758.bat C:\Users\Admin\AppData\Local\Temp\Device\HarddiskVolume4\OneP\oneP.exe"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" echo off"3⤵
-
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /S /D /c" set/p=$C@r@c@sDEn0ch3@"3⤵
-
-
C:\Windows\system32\clip.execlip3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
47B
MD53c9b5c59cc58b95b744a9822a754b198
SHA1a1d5c100793626201009efa27a95ad5f1e4840ce
SHA256fca43266764542cfcefe25e57d94826baf4e13f4a84bb8322a2e517f31659ff2
SHA5125a32ec836bd6866e7a632c3c3434338b18e79fc3de57e6cb93d8b196fac125ded1310160e106ee2e3a59d0ffbd59330fd3dab563464770f8a8613e88b42be0cc