Analysis
-
max time kernel
138s -
max time network
158s -
platform
windows10-2004_x64 -
resource
win10v2004-20231023-en -
resource tags
-
submitted
27/11/2023, 17:38
General
-
Target
file.exe
-
Size
1.5MB
-
MD5
856a7aa17b7e925ea53689d8ea144f2f
-
SHA1
ccf159f909bcbb87876396a170a3bdfa58941abb
-
SHA256
f6b5e750cba8ac640bb6dcd2e8c75174803e1f256547af72e38275e83cc32d09
-
SHA512
88e88dc13a706cff5c83b1c3968b5ef87467c3eb35a6c29a08baefbb049ae4e74e61801c654503f64e624dd4e9d803a42879c4c541791e04d33b687a2f3cdd74
-
SSDEEP
24576:2opGDjnvrPpkjos0OtjcFc5kM49dj+IuxWQOIjuJuVvhbqL0HtFcgekRP9dT0WNI:OnvrPGT0Egyudc4tI3bqL0NFchaP9dTy
Malware Config
Signatures
-
Drops startup file 1 IoCs
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of WriteProcessMemory 6 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\file.exe"C:\Users\Admin\AppData\Local\Temp\file.exe"1⤵
- Drops startup file
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 HR" /sc HOURLY /rl HIGHEST2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeschtasks /create /f /RU "Admin" /tr "C:\ProgramData\OfficeTrackerNMP131\OfficeTrackerNMP131.exe" /tn "OfficeTrackerNMP131 LG" /sc ONLOGON /rl HIGHEST2⤵
- Creates scheduled task(s)
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.5MB
MD5856a7aa17b7e925ea53689d8ea144f2f
SHA1ccf159f909bcbb87876396a170a3bdfa58941abb
SHA256f6b5e750cba8ac640bb6dcd2e8c75174803e1f256547af72e38275e83cc32d09
SHA51288e88dc13a706cff5c83b1c3968b5ef87467c3eb35a6c29a08baefbb049ae4e74e61801c654503f64e624dd4e9d803a42879c4c541791e04d33b687a2f3cdd74