Analysis
-
max time kernel
119s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
24/12/2023, 16:39
General
-
Target
06350c1961ee8dad1cc353ed628d81fb.exe
-
Size
886KB
-
MD5
06350c1961ee8dad1cc353ed628d81fb
-
SHA1
36c95c5df63617ed37eacbdf658ee35f2552a22e
-
SHA256
09b4c8ad7f0b0a651b468b8affb53d70db6c3b62c6fd4d69ef87b0da0d73af82
-
SHA512
534f1e5aeb26766e3f73bda925baf508169a974997e79571c20f53871f78ead1328e37de250007dac3172d121e599b9c1d28fe6ecfe9ef32eccfcc7698830442
-
SSDEEP
24576:z6rT0bp8iVtGVcG9pV1OqVtFnSQT3mC7npsTU4jmg:zC0bVG9BSIxpsTwg
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 16 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\06350c1961ee8dad1cc353ed628d81fb.exe"C:\Users\Admin\AppData\Local\Temp\06350c1961ee8dad1cc353ed628d81fb.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\System32\mshta.exe" "javascript:new ActiveXObject('WScript.Shell').Run('SOLA_2.0_23169307684331.bat',0);window.close()"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\SOLA_2.0_23169307684331.bat" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c date /t4⤵
-
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c dir C:\Windows\explorer.exe4⤵
-
-
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
10KB
MD5a8739fbe63e756796622682d1306df51
SHA14e43a1ed3d45353a2dff612ae5d9df8fa7b00597
SHA256c7ff9ea3361629f293de3673a89b60826090b64bc4eaab3dc9e2c9878968966e
SHA5129ce20dbb0a2987d5bcc38940b8c82752f37b09cb9c64c4adba6d31699bd616a5f5c0612c73fc3d9e96a71924525483736cba0dd3577d580e3f4a06146c453bdc
-
Filesize
148KB