4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670

Analysis

max time kernel
121s
max time network
130s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
12/12/2023, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

xKKqTdnxXw0f.exe
Size

469KB
MD5

b8499cd83b49002d821f80e0c1ed3526
SHA1

38cf5d9f5c94dc31f9b7eccdffd6320d9508f597
SHA256

4abdfcd240b09c5e1d8cd90d780c3db8f4f3d892be71d7b307d44051e0c15670
SHA512

599cef445f2ea881da02bf1f4bcbb503a6d49ecf65701e82ed015da52b3eec159c9c21c86aeea1fa8c5840cd5c63d03f475598abf59728aeb8a139d896aba4c4
SSDEEP

12288:umnk7iLJbpIpiRL6I2WhSKQ9ZsfZQS2n9:WiLJbpI7I2WhQqZ729

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2756	WScript.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2276	xKKqTdnxXw0f.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2276 wrote to memory of 2756	2276	xKKqTdnxXw0f.exe	32
PID 2276 wrote to memory of 2756	2276	xKKqTdnxXw0f.exe	32
PID 2276 wrote to memory of 2756	2276	xKKqTdnxXw0f.exe	32
PID 2276 wrote to memory of 2756	2276	xKKqTdnxXw0f.exe	32

C:\Users\Admin\AppData\Local\Temp\xKKqTdnxXw0f.exe
"C:\Users\Admin\AppData\Local\Temp\xKKqTdnxXw0f.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\orwdpegsxsexgbmfgzwej.vbs"
  2⤵
  - Deletes itself
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\noas\logs.dat

Filesize
144B

MD5
6b0d016dbf9a887e2c53c43f009a6051

SHA1
0dfcc4b7d1858a55ab6582efda612a0e3298944a

SHA256
ea1f5e39823942e47abe3abee4b2e509434eac7d7baf2090a4c8d8a9524ca662

SHA512
0be30fe289735761a729ebf7824034e0ec12eae9fecf7371f44563ee407bfbf5378b12f0d43dd6dd9619eb21bf4cf279cf66708d36a20149b9431b87d373b1dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\orwdpegsxsexgbmfgzwej.vbs

Filesize
520B

MD5
0a0122ee1685ae0472265d200979c2a9

SHA1
908b96db2d8b2dd1ce231207f8d8d4cbbffab3b1

SHA256
388b57abd8f8733f04858a38c6c3da89bb7095371337c0a87395c2c38d6ea45d

SHA512
79811553dd5e20228c3bc6a86a7128e03d4d94c0f2502f42365c22a37532bff498679c415170db49408838991378453057b9490f656c7e46940ef94763bfcba2

Download Submit