2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
27/11/2023, 18:01

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe
Size

11.5MB
MD5

895255dbf64becb1fc11b1fddded15f1
SHA1

769a4156afa9b547261c95df5dac0cdd2eff52e8
SHA256

2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab
SHA512

ef080f5c980aa77f6b451f5b73a05127955b849c59a479ebc5fdc8664a3c02d69291d923d2cfd836cb0e6e62b9680f039fa3bb38cc052af70c845660c97956ed
SSDEEP

196608:Nssh0xGLeGRY+lk5f3YoHIELFT9mWPiJJBiabIvZfAxXWZeR8AOtvtrzc5r2oSPn:GokyeGWqkBhfmMibPbua7R8AsvJK2/Pn

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2808	BP1_WW2_64.exe

Loads dropped DLL 2 IoCs

pid	Process
2112	2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe
2808	BP1_WW2_64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2112 wrote to memory of 2808	2112	2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe	28
PID 2112 wrote to memory of 2808	2112	2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe	28
PID 2112 wrote to memory of 2808	2112	2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe	28

C:\Users\Admin\AppData\Local\Temp\2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe
"C:\Users\Admin\AppData\Local\Temp\2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Users\Admin\AppData\Local\Temp\onefile_2112_133455817116542000\BP1_WW2_64.exe
  "C:\Users\Admin\AppData\Local\Temp\2ff85b35c2105effb59f9df72a2527270fa2171acaeef9ae641fbd58b48835ab.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2112_133455817116542000\BP1_WW2_64.exe

Filesize
13.5MB

MD5
3557fcd1f962a92b9da41dfc3ee73ed6

SHA1
6798f056f572fa3c03c826a8dd358a9f4949c554

SHA256
235c714e05be2544ec08b99531ce27d9c263bd602312c201d268696a8626e73c

SHA512
445bb78dc3bc6f4b8c2f3a35ef067f2a4d50e97fbd6a98bb7c81facb18598a5d69331419233fd41aaf5c928f904c8c172db0984c8af7f4443f9205ccbd8e2550

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2112_133455817116542000\python311.dll

Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2112_133455817116542000\BP1_WW2_64.exe

Filesize
13.5MB

MD5
3557fcd1f962a92b9da41dfc3ee73ed6

SHA1
6798f056f572fa3c03c826a8dd358a9f4949c554

SHA256
235c714e05be2544ec08b99531ce27d9c263bd602312c201d268696a8626e73c

SHA512
445bb78dc3bc6f4b8c2f3a35ef067f2a4d50e97fbd6a98bb7c81facb18598a5d69331419233fd41aaf5c928f904c8c172db0984c8af7f4443f9205ccbd8e2550

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2112_133455817116542000\python311.dll

Filesize
5.5MB

MD5
1fe47c83669491bf38a949253d7d960f

SHA1
de5cc181c0e26cbcb31309fe00d9f2f5264d2b25

SHA256
0a9f2c98f36ba8974a944127b5b7e90e638010e472f2eb6598fc55b1bda9e7ae

SHA512
05cc6f00db128fbca02a14f60f86c049855f429013f65d91e14ea292d468bf9bfdeebc00ec2d54a9fb5715743a57ae3ab48a95037016240c02aabe4bfa1a2ff4

Download Submit
memory/2112-0-0x000000013F370000-0x0000000140A5A000-memory.dmp

Filesize
22.9MB

Download