Analysis
max time kernel: 140s
max time network: 119s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 24/12/2023, 23:36
Static task: static1
Behavioral task: behavioral1
  Sample: 1a0ee408ea1d96cac957e8ad2e8cdc39.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 1a0ee408ea1d96cac957e8ad2e8cdc39.exe
  Resource: win10v2004-20231215-en
General
Target: 1a0ee408ea1d96cac957e8ad2e8cdc39.exe
Size: 416KB
MD5: 1a0ee408ea1d96cac957e8ad2e8cdc39
SHA1: 0318475908957f86990ad49479c885d8ee2bb5e5
SHA256: b98031bc2c8c02c38228b6304d2fbdd3ec1e2c60168527d3d95b7e82abfc991c
SHA512: 75d54970344da32ed53da39f96f6a820d9a9919f4d6a284a064e4425769356b20a754c597f5bc00ab3a98fd939e44be69c3ce1b1da78fad9c1b58f0643060704
SSDEEP: 12288:gutrzh9xOXkggyeXFI7PfOnjPKIkmC70bks2:gutr5OUggyVrfOjSd7kX2
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  944   Plugin de Seguranca.exe

Loads dropped DLL (2 IoCs)
  pid   Process
  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe
  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process                               procid_target
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
  PID 2736 wrote to memory of 944  2736  1a0ee408ea1d96cac957e8ad2e8cdc39.exe  18
Processes

1. C:\Users\Admin\AppData\Local\Temp\1a0ee408ea1d96cac957e8ad2e8cdc39.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\1a0ee408ea1d96cac957e8ad2e8cdc39.exe"
   PID: 2736
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\Plugin de Seguranca.exe"
      PID: 944
      - Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 92KB
MD5: 436f4e793c2e623cd9422f01ce2b92f2
SHA1: f4c3ebf166bccd9ecc138cbbd22bbfd9fb151cb5
SHA256: 103b0113d02ddae060bebef5e1d7fbd1bb94b692b9a11f1bd3317fd10a56972d
SHA512: 039b28c6d570a32dd474830a27d98091c235358432916fbe90138a9a63f596e36f39b0f303d0cfa634fb78a342342d6edae40a0609873e37cd76eb21b270a97d

Filesize: 94KB
MD5: 7b37658ea9fd84504fdbafc0db22bed5
SHA1: 22351d48d4613d7f45086cc5d74c90903f8f1331
SHA256: c3f28b94350194fcf7a9df95a229249d950265ca5e3492ba03a211906de46488
SHA512: c8701ef15826b326c4c891cf5ce6728f16a45094d75e4f1c628770e5dfc540d22b95822a4a4929150e0949cdfacd1aa4bba1f1528fa0715f43049e553fc26753

Filesize: 384KB
MD5: 708589ee3683f2f382bb63bf04d2e525
SHA1: 20673f7a3c512f39a0c0fbe17bbb3fac3cbc9686
SHA256: d2182dff4b5e26e49d21fdfeed349e421f343f08dddbaba1c7a229f3ba6ee730
SHA512: e8b30d3ce31d438e6da3770e955391d5d597312d600adc2b996677c14c0101c1e7c49430ec86aa8cb486e79466ee032f7eb89b7da95b0419b67b076cba1273d6