fc9a120e7b08b083411b642d03dd7d42ab110043f7147257529f86eae7bc9ccb

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 01:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0e908dc360b0a331fc24a00debdc1db3.exe
Size

37.0MB
MD5

0e908dc360b0a331fc24a00debdc1db3
SHA1

99560ecd633be67b590c559e219ded4665efbcd1
SHA256

fc9a120e7b08b083411b642d03dd7d42ab110043f7147257529f86eae7bc9ccb
SHA512

f174ecdbc01012236c408d55a36e6dc772403ae028d7efe9a68830388a045a8c1cde297e044bd91c3ad3db47764f9e712d0e4e683383776777e4f85328b86876
SSDEEP

786432:OyqQbH1tOc8qyBElPGOuK3JrCE16uclhGdTw0615nIWL+9Oe3vh2b:aaHzyBE7rCwhclog5nIWe3vh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1952	maple.exe

Loads dropped DLL 2 IoCs

pid	Process
2364	0e908dc360b0a331fc24a00debdc1db3.exe
1952	maple.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 1952	2364	0e908dc360b0a331fc24a00debdc1db3.exe	30
PID 2364 wrote to memory of 1952	2364	0e908dc360b0a331fc24a00debdc1db3.exe	30
PID 2364 wrote to memory of 1952	2364	0e908dc360b0a331fc24a00debdc1db3.exe	30

C:\Users\Admin\AppData\Local\Temp\0e908dc360b0a331fc24a00debdc1db3.exe
"C:\Users\Admin\AppData\Local\Temp\0e908dc360b0a331fc24a00debdc1db3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\onefile_2364_133478533536988000\maple.exe
  "C:\Users\Admin\AppData\Local\Temp\0e908dc360b0a331fc24a00debdc1db3.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2364_133478533536988000\maple.exe

Filesize
1.1MB

MD5
a230d3454bce41df8e743240316f8f86

SHA1
6e7bbe7cbc50657b9be087da1532b62936cfd39d

SHA256
1679237107bb7a755cf4c5c49c6f5d4b5200ea57dec52d1de9fa4ab56e485890

SHA512
33e7a074388f9d39cd9d61bd69529e9ead8bd689fe3b9ec3d56ec4bf4ab3d1012309748bb0cb2b8c910634df2754b1442793b4a783760dab64399757257a08cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2364_133478533536988000\python311.dll

Filesize
813KB

MD5
ba9ccb3fadca0afd0462a19b4db99e60

SHA1
436002879360033caa4180a80eaa4f2c3d4ed4a5

SHA256
8b2480378860a1925fef7afc64539716ad520c4c8ad039a5e421f74d2c9810d4

SHA512
ade5fb50524e7a9ba93d1cf7db5907451fbceb07c4295d230f5792cd4d9a3c7e01317296c675b585bb91565f0ca37c7ebc1ad45c5eb14b30b0af6e6877e6406e

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2364_133478533536988000\maple.exe

Filesize
960KB

MD5
3633075bc00153bfa3ddd0613ce8011a

SHA1
9d718a0ad516824a38142c7657738a62fe2989f4

SHA256
11d6cecb5abe47e300749805419014298ada25def746f2879dc125f9e8697ccd

SHA512
1e8f918ca5e28fdcf06ba88f296153be20f81330d30d37c103015fb4155a8f9be3344d8e978bfff4e1c761454096934d1081b1c20f50f48e263285d9b8db73c4

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2364_133478533536988000\python311.dll

Filesize
45KB

MD5
88f468829ba791b21a327d5f487973ce

SHA1
57a8318fe53e5873e2c2c6e88d45312c29f9f7fe

SHA256
29a60901531f07ded68cc2cc08139020e4c53499b537ddb512d526a5d8655777

SHA512
7692d108c7747029d15ebf4a9244839ceefa49e3f36d50c8b166283fb99b834f545da248aa2f927cc9fd0b1afec3bb56723d17004628198fecc2035774dffcbe

Download Submit