40babe04ebf7ed975c54f69fe3415dae5e6bb89af5e35230c9696a3b54f02b00

Analysis

max time kernel
4s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

17024521e7cf010637c5f00f0030c2ec.exe
Size

142KB
MD5

17024521e7cf010637c5f00f0030c2ec
SHA1

a03a975b62a3fd16d5e88c344b4361ffff82fcc2
SHA256

40babe04ebf7ed975c54f69fe3415dae5e6bb89af5e35230c9696a3b54f02b00
SHA512

00685029ee6143b77d8aaab1d5b5d3e3f15bbc3258ab9d24f9940b8bfbb15d7cfb2abb4b509e6597565b6f3bd5e85ff6df25aa952def42739dae4528a0c4d911
SSDEEP

3072:6nOn7t7XpdpCCTg/sxFgJPeqgKJ+BCwC6IMIkxP/Hpk7RUQDKJbr:6KpdcCrTigKtBpkxPhkbD6X

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3188	downloadmr.exe

Loads dropped DLL 2 IoCs

pid	Process
2672	17024521e7cf010637c5f00f0030c2ec.exe
2672	17024521e7cf010637c5f00f0030c2ec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3188	2672	17024521e7cf010637c5f00f0030c2ec.exe	39
PID 2672 wrote to memory of 3188	2672	17024521e7cf010637c5f00f0030c2ec.exe	39
PID 2672 wrote to memory of 3188	2672	17024521e7cf010637c5f00f0030c2ec.exe	39

C:\Users\Admin\AppData\Local\Temp\17024521e7cf010637c5f00f0030c2ec.exe
"C:\Users\Admin\AppData\Local\Temp\17024521e7cf010637c5f00f0030c2ec.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\downloadmr.exe
  C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\downloadmr.exe /u4dc90721-0888-4db0-a2e5-20545bc06f26 /e58888
  2⤵
  - Executes dropped EXE
  PID:3188

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\System.dll

Filesize
11KB

MD5
75d6951965703b3add88460b1568181d

SHA1
0f8c4ac231b56b0c19b5ae1493e919807e4331e3

SHA256
545259f3b0bf91941b56f304fa79911e63a6e59d3c09b453bbe827db7e20a570

SHA512
7c30911ffbcad2300dbeecc37b3a20e569ac15d5e86b9ffde3f692694b8580be581aee42712a4ea180dac9814ffdb79f5210abe00b1e0b6b9ae5e8ac3bef2576

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\System.dll

Filesize
1KB

MD5
8143e59c2b92661b705733d2ac1abe10

SHA1
d9ac6750f186ad7025ce4e03082fc6b3116a3294

SHA256
298d293a33588c53853c11884f93bf103d0716cdb7fcfbb4f1efaaa8b9aeb5b3

SHA512
1eb9f318db0e5b409d61a8eb7a80016ac912bb7639b04b5ece8d10bedcf3881e52d27ee47769e37ba332e82bad3c826b633067557133b8fa7bce7dd4c436ad77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\downloadmr.exe

Filesize
9KB

MD5
91ad5f689703d44760ab9aaa27d5d04d

SHA1
c7c72c2ba4f29d405910b74fbc374771d0cc3161

SHA256
0a58503c4bb8fcc010e519bcd4834367d0e6ab6a746653dae9c44f080be93883

SHA512
fc4e1e237bfe03a36f43bd47142a01a602425156816d3554358b8bd62e15806e583e9bb995ba59b99b1458a5e37d9a397458e29c777520bdb9e357bdf40a4a0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsn8109.tmp\downloadmr.exe

Filesize
41KB

MD5
e72bd8e1498a5fe6dce0b70a2c51b332

SHA1
383868c53c0c4f1780ef246ea33af82d31e91981

SHA256
9680d5f96e22b89bdace0254ac0d42da143662fbfcc16adf151b47ab8945d18b

SHA512
e7c2c5955b25b56d4af868c341a8f7b1083b66cbfb8a4597eef70e4425b644dfbcf9aa8d6d20e2c1fb8dfd6e9549bea485df717c2745bf6a213e86b63b0f02db

Download Submit
memory/2672-19-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2672-20-0x000000006E3C0000-0x000000006E3CD000-memory.dmp

Filesize
52KB

Download
memory/2672-27-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/3188-14-0x0000000074620000-0x0000000074BD1000-memory.dmp

Filesize
5.7MB

Download
memory/3188-15-0x00000000007E0000-0x00000000007F0000-memory.dmp

Filesize
64KB

Download
memory/3188-17-0x00000000007E0000-0x00000000007F0000-memory.dmp

Filesize
64KB

Download
memory/3188-16-0x00000000007E0000-0x00000000007F0000-memory.dmp

Filesize
64KB

Download
memory/3188-18-0x00000000007E0000-0x00000000007F0000-memory.dmp

Filesize
64KB

Download
memory/3188-13-0x0000000074620000-0x0000000074BD1000-memory.dmp

Filesize
5.7MB

Download
memory/3188-21-0x0000000074620000-0x0000000074BD1000-memory.dmp

Filesize
5.7MB

Download
memory/3188-23-0x0000000074620000-0x0000000074BD1000-memory.dmp

Filesize
5.7MB

Download