133b196f14021e2e2562225b90a7b81ca36deb20cd4d241c68d1d01c5593e4f0

Analysis

max time kernel
126s
max time network
136s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/12/2023, 11:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15826395e5ae6a115e91375d02d005a6.exe
Size

208KB
MD5

15826395e5ae6a115e91375d02d005a6
SHA1

62b1155ba1764f76ac079750773009c38809fd9f
SHA256

133b196f14021e2e2562225b90a7b81ca36deb20cd4d241c68d1d01c5593e4f0
SHA512

db06a911792a4c58c88d5dd5c28f46a628f3b1fe1537feec3310ec86e00356f01f5203c14dced2621d2b6cb356e258080b942a710cb9b37b67d2520b40e0b647
SSDEEP

3072:JO+bY++73VQdqPg7WqD+NhGJZstCVH9xGSp+BPq19XAHtUcmzz:MWWzcJZs0d91WPquUcm3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1796	IEMontior.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
2828	schtasks.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2560	2248	15826395e5ae6a115e91375d02d005a6.exe	29
PID 2248 wrote to memory of 2560	2248	15826395e5ae6a115e91375d02d005a6.exe	29
PID 2248 wrote to memory of 2560	2248	15826395e5ae6a115e91375d02d005a6.exe	29
PID 2248 wrote to memory of 2560	2248	15826395e5ae6a115e91375d02d005a6.exe	29
PID 2560 wrote to memory of 2828	2560	cmd.exe	31
PID 2560 wrote to memory of 2828	2560	cmd.exe	31
PID 2560 wrote to memory of 2828	2560	cmd.exe	31
PID 2560 wrote to memory of 2828	2560	cmd.exe	31
PID 2980 wrote to memory of 1796	2980	taskeng.exe	35
PID 2980 wrote to memory of 1796	2980	taskeng.exe	35
PID 2980 wrote to memory of 1796	2980	taskeng.exe	35
PID 2980 wrote to memory of 1796	2980	taskeng.exe	35

C:\Users\Admin\AppData\Local\Temp\15826395e5ae6a115e91375d02d005a6.exe
"C:\Users\Admin\AppData\Local\Temp\15826395e5ae6a115e91375d02d005a6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /C schtasks /create /sc minute /mo 1 /tn "IEMontior" /tr "C:\Users\Admin\AppData\Local\IEMontior.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2560
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc minute /mo 1 /tn "IEMontior" /tr "C:\Users\Admin\AppData\Local\IEMontior.exe"
    3⤵
    - Creates scheduled task(s)
    PID:2828

C:\Windows\system32\taskeng.exe
taskeng.exe {A6980B96-974A-4654-9C10-63927B4DCF76} S-1-5-21-3308111660-3636268597-2291490419-1000:JUBFGPHD\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\Users\Admin\AppData\Local\IEMontior.exe
  C:\Users\Admin\AppData\Local\IEMontior.exe
  2⤵
  - Executes dropped EXE
  PID:1796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\IEMontior.exe

Filesize
208KB

MD5
28a46445a59594ab2596c565d6b4c652

SHA1
9d58a0b82584fed7ac46adc055262f641ef1d00b

SHA256
a6e281a43d163bd80bfa59d0de10177bbeaaf4b0b6e9d6518d0926f6f1489e9d

SHA512
4416dc9ca5752299cfdaffda4dc2dc6f99f0b9e496aa403b8548b7a0c9f22b7e97ddbebf917c027e4e31d6e32f7d55520fa79b2f4299c65a29e05cfd6cb81876

Download Submit
memory/1796-15-0x00000000022E0000-0x0000000002320000-memory.dmp

Filesize
256KB

Download
memory/1796-14-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1796-13-0x00000000022E0000-0x0000000002320000-memory.dmp

Filesize
256KB

Download
memory/1796-12-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/1796-11-0x00000000022E0000-0x0000000002320000-memory.dmp

Filesize
256KB

Download
memory/1796-10-0x0000000074650000-0x0000000074BFB000-memory.dmp

Filesize
5.7MB

Download
memory/2248-3-0x00000000021C0000-0x0000000002200000-memory.dmp

Filesize
256KB

Download
memory/2248-7-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/2248-6-0x00000000021C0000-0x0000000002200000-memory.dmp

Filesize
256KB

Download
memory/2248-5-0x00000000021C0000-0x0000000002200000-memory.dmp

Filesize
256KB

Download
memory/2248-0-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/2248-1-0x0000000074610000-0x0000000074BBB000-memory.dmp

Filesize
5.7MB

Download
memory/2248-2-0x00000000021C0000-0x0000000002200000-memory.dmp

Filesize
256KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads