Analysis
-
max time kernel
118s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
21-12-2023 17:24
Static task
static1
Behavioral task
behavioral1
Sample
0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
Resource
win7-20231215-en
General
-
Target
0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
-
Size
11.8MB
-
MD5
d7fd6731e4db6fdac15d7ce4844254f0
-
SHA1
32286ffae51a5bc0f14bcf6f7cc10d5040abd8c4
-
SHA256
0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f
-
SHA512
5bb7f1731c892300d67aec81eaa48788690b6abcd9fca5f81dd8830d481d9e6aaf1fa766153b94ad450b6a346b1f48fe8ce4b449062ac476b5ac2cc244315d73
-
SSDEEP
196608:I1rT3Lk6XhNQSKwAk2V80t5AtgNtKpXeBHsepB7/nqlKBlIgj:irbLPXhN1Kpk6t5AtutKpOBppRln
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid Process 2732 WW13_64.exe -
Loads dropped DLL 2 IoCs
pid Process 3040 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe 2732 WW13_64.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
description pid Process procid_target PID 3040 wrote to memory of 2732 3040 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe 28 PID 3040 wrote to memory of 2732 3040 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe 28 PID 3040 wrote to memory of 2732 3040 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3040 -
C:\Users\Admin\AppData\Local\Temp\onefile_3040_133476531081294000\WW13_64.exe"C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2732
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD55ede2db5258afa95f20fc1d7579abc7a
SHA17c4568c18e8293b3d3a9b460048eeac427a892a1
SHA256da19168aefe935f5053180f28c934cdd46544f46f40976677d8db9ea421431d8
SHA512fdff06d9440dc99b53f63b1adc21b8b23cf2a22c0ce813e908b89782294f1dc154391ea12c6e02025e4a1483ca68a8080c88672dabd5323f831f86cb3ac921d6
-
Filesize
1.1MB
MD5ff85609b242814a0b40b213b648880b3
SHA14ee993e481e07e2573c5e92b8f7a1d3f48df4d6b
SHA2567faa29abab5eda2b044d16b58c271b7e844c1b473921c7819d2ad0eac46c53c1
SHA512a2fe4da7c22997408de9ece65a541de02d725a7a42e291af9d35d671d9ca54695e45a6ccc854ac9872c60549fb28c23ad8b16c0d4e20d3c69601e463134939c4
-
Filesize
1.8MB
MD570f3f022ee7937613e6289a595ebdc70
SHA17c32bdfa780bfb7592b3ab62e5ef650f65972e89
SHA256b7d8d72271b265afb2bb364a9034d457fa226f9fa1c44b05ab13ec8460273259
SHA51285cfb933b9f5432dd6dbd0267e2147eac5169cc305703f94a29911dd8a56d01a0e6e239bc925e093efb9786b2009cf4b46737ae1c0acdf9ccef56b5cd30f0101
-
Filesize
322KB
MD5fd42614de07007fba5af96b60cdd2f84
SHA15c6b5b27fd105ce2eaa3ee005a5158c7659089ea
SHA2567c04e1708ba4411638bd3fbc29fc046cb2e4393279ec426bc8613d5fa4fcad34
SHA51218515fdd7ebd7ec9ce2d39195b063ce2c3b870816fa07a1df2e88b8c6a8cdad7f6b7f8c87778e7c659dec6f824367d46c376bd495a28426857d6c7d7b42b9c98