Analysis

max time kernel: 133s
max time network: 146s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 19-12-2023 11:01

Static task: static1

Behavioral task: behavioral1
Sample: 0f1fa284edb8f594618e64d8f9c15845.exe
Resource: win7-20231215-en

Behavioral task: behavioral2
Sample: 0f1fa284edb8f594618e64d8f9c15845.exe
Resource: win10v2004-20231215-en
General

Target: 0f1fa284edb8f594618e64d8f9c15845.exe
Size: 14KB
MD5: 0f1fa284edb8f594618e64d8f9c15845
SHA1: fa98e54f2545b08c68a2763f84d9314815e23a3b
SHA256: 78a980545f1fd29d9463861e56bf14ef9d2f6d49fee296e49f2d14fa92ef0551
SHA512: 77a1687878cda3e206c4f82ea6baeeb63a77c4c8a3d45e5158619ba54422fad834e2679d9aa77c450173cba6c0538c712593fbcf9b55862194daed2d616d152b
SSDEEP: 384:hdtXWiJCQxsEwvK3RpSSHuGQG2Rqm4Yhph:hDXWipuE+K3/SSHgxN
Malware Config

Signatures

Executes dropped EXE (6 IoCs)
  pid   Process
  2688  DEM96A4.exe
  2792  DEMECDE.exe
  2260  DEM4338.exe
  2292  DEM9933.exe
  1504  DEMEEB2.exe
  768   DEM4441.exe

Loads dropped DLL (6 IoCs)
  pid   Process
  1732  0f1fa284edb8f594618e64d8f9c15845.exe
  2688  DEM96A4.exe
  2792  DEMECDE.exe
  2260  DEM4338.exe
  2292  DEM9933.exe
  1504  DEMEEB2.exe

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (24 IoCs)
  Each of the six parent-to-child writes below is recorded four times in the raw report (24 records in total).
  description                        pid   Process                               procid_target  records
  PID 1732 wrote to memory of 2688   1732  0f1fa284edb8f594618e64d8f9c15845.exe  31             4
  PID 2688 wrote to memory of 2792   2688  DEM96A4.exe                           33             4
  PID 2792 wrote to memory of 2260   2792  DEMECDE.exe                           35             4
  PID 2260 wrote to memory of 2292   2260  DEM4338.exe                           37             4
  PID 2292 wrote to memory of 1504   2292  DEM9933.exe                           39             4
  PID 1504 wrote to memory of 768    1504  DEMEEB2.exe                           41             4
Processes

Each entry shows the image path, the command line, the PID, and the signatures triggered; indentation gives the parent/child relationship (level 1 to 7).

C:\Users\Admin\AppData\Local\Temp\0f1fa284edb8f594618e64d8f9c15845.exe
  command line: "C:\Users\Admin\AppData\Local\Temp\0f1fa284edb8f594618e64d8f9c15845.exe"
  PID:1732
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\DEM96A4.exe
    command line: "C:\Users\Admin\AppData\Local\Temp\DEM96A4.exe"
    PID:2688
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    C:\Users\Admin\AppData\Local\Temp\DEMECDE.exe
      command line: "C:\Users\Admin\AppData\Local\Temp\DEMECDE.exe"
      PID:2792
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious use of WriteProcessMemory
      C:\Users\Admin\AppData\Local\Temp\DEM4338.exe
        command line: "C:\Users\Admin\AppData\Local\Temp\DEM4338.exe"
        PID:2260
        - Executes dropped EXE
        - Loads dropped DLL
        - Suspicious use of WriteProcessMemory
        C:\Users\Admin\AppData\Local\Temp\DEM9933.exe
          command line: "C:\Users\Admin\AppData\Local\Temp\DEM9933.exe"
          PID:2292
          - Executes dropped EXE
          - Loads dropped DLL
          - Suspicious use of WriteProcessMemory
          C:\Users\Admin\AppData\Local\Temp\DEMEEB2.exe
            command line: "C:\Users\Admin\AppData\Local\Temp\DEMEEB2.exe"
            PID:1504
            - Executes dropped EXE
            - Loads dropped DLL
            - Suspicious use of WriteProcessMemory
            C:\Users\Admin\AppData\Local\Temp\DEM4441.exe
              command line: "C:\Users\Admin\AppData\Local\Temp\DEM4441.exe"
              PID:768
              - Executes dropped EXE
Network
- No results found
Downloads