fd0af456f169a261cf2caa06bef5b9e92e49fb7d5230c7591459ee4a68419e42

Resubmissions

06-02-2024 15:48

240206-s8rakaccbp 7

21-12-2023 17:24

231221-vy135abcek 10

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
21-12-2023 17:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
Size

11.8MB
MD5

d7fd6731e4db6fdac15d7ce4844254f0
SHA1

32286ffae51a5bc0f14bcf6f7cc10d5040abd8c4
SHA256

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f
SHA512

5bb7f1731c892300d67aec81eaa48788690b6abcd9fca5f81dd8830d481d9e6aaf1fa766153b94ad450b6a346b1f48fe8ce4b449062ac476b5ac2cc244315d73
SSDEEP

196608:I1rT3Lk6XhNQSKwAk2V80t5AtgNtKpXeBHsepB7/nqlKBlIgj:irbLPXhN1Kpk6t5AtutKpOBppRln

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

WW13_64.exe

pid process

2732 WW13_64.exe
Loads dropped DLL 2 IoCs

Processes:

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exeWW13_64.exe

pid process

3040 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
2732 WW13_64.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2732	WW13_64.exe

pid	process
3040	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
2732	WW13_64.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe

description	pid	process	target process
PID 3040 wrote to memory of 2732	3040	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe
PID 3040 wrote to memory of 2732	3040	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe
PID 3040 wrote to memory of 2732	3040	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe

C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
"C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040
- C:\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\WW13_64.exe
  "C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\WW13_64.exe

Filesize
1.3MB

MD5
5ede2db5258afa95f20fc1d7579abc7a

SHA1
7c4568c18e8293b3d3a9b460048eeac427a892a1

SHA256
da19168aefe935f5053180f28c934cdd46544f46f40976677d8db9ea421431d8

SHA512
fdff06d9440dc99b53f63b1adc21b8b23cf2a22c0ce813e908b89782294f1dc154391ea12c6e02025e4a1483ca68a8080c88672dabd5323f831f86cb3ac921d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\python311.dll

Filesize
1.1MB

MD5
ff85609b242814a0b40b213b648880b3

SHA1
4ee993e481e07e2573c5e92b8f7a1d3f48df4d6b

SHA256
7faa29abab5eda2b044d16b58c271b7e844c1b473921c7819d2ad0eac46c53c1

SHA512
a2fe4da7c22997408de9ece65a541de02d725a7a42e291af9d35d671d9ca54695e45a6ccc854ac9872c60549fb28c23ad8b16c0d4e20d3c69601e463134939c4

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\WW13_64.exe

Filesize
1.8MB

MD5
70f3f022ee7937613e6289a595ebdc70

SHA1
7c32bdfa780bfb7592b3ab62e5ef650f65972e89

SHA256
b7d8d72271b265afb2bb364a9034d457fa226f9fa1c44b05ab13ec8460273259

SHA512
85cfb933b9f5432dd6dbd0267e2147eac5169cc305703f94a29911dd8a56d01a0e6e239bc925e093efb9786b2009cf4b46737ae1c0acdf9ccef56b5cd30f0101

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\python311.dll

Filesize
322KB

MD5
fd42614de07007fba5af96b60cdd2f84

SHA1
5c6b5b27fd105ce2eaa3ee005a5158c7659089ea

SHA256
7c04e1708ba4411638bd3fbc29fc046cb2e4393279ec426bc8613d5fa4fcad34

SHA512
18515fdd7ebd7ec9ce2d39195b063ce2c3b870816fa07a1df2e88b8c6a8cdad7f6b7f8c87778e7c659dec6f824367d46c376bd495a28426857d6c7d7b42b9c98

Download Submit
memory/3040-0-0x000000013F840000-0x0000000140F8D000-memory.dmp

Filesize
23.3MB

Download