Overview

overview

7

Static

static

1

06f33a5c41...2f.exe

windows7-x64

7

06f33a5c41...2f.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    120s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    24/12/2023, 16:58

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    06f33a5c4148d806ef8c0d8d45b5a62f.exe

  • Size

    288KB

  • MD5

    06f33a5c4148d806ef8c0d8d45b5a62f

  • SHA1

    18ae4bceaeb6b467d457290d9c61180066ff300a

  • SHA256

    154d92661bdeaa6d0c27b1449e634138bf05adb6846fccbea7ab66f3cbde53e4

  • SHA512

    9597d4ffda0f82190937b6695d1c642c0206506177098c38cacb12f703ddb670e9c1ad9e44fad8b2bbae20d08ec6b62b30562fdbde89f36be1b0945beb565f0c

  • SSDEEP

    6144:2c4Ub8G98n0021valv5ewibh8HOlxHUbx1LqrJQ:2c2GS0021vUv8oOlNUv2rJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\06f33a5c4148d806ef8c0d8d45b5a62f.exe
    "C:\Users\Admin\AppData\Local\Temp\06f33a5c4148d806ef8c0d8d45b5a62f.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2124
    • C:\Users\Admin\AppData\Local\Temp\n8297\ins8297.exe
      "C:\Users\Admin\AppData\Local\Temp\n8297\ins8297.exe" ins.exe /t530a1b0c3fb87 /e12236294 /u17dced38-7f70-11e3-8a58-80c16e6f498c
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:2672

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • \Users\Admin\AppData\Local\Temp\n8297\ins8297.exe
          Filesize

          265KB

          MD5

          4c24a9e76a700931ae23e212519593c3

          SHA1

          d738435c7d5d98223462e6b4dd97e1081f911e97

          SHA256

          75912abe46cabda79f285ba2b0d70c8aa31eae564886d2f483f3e325379b67fb

          SHA512

          d48038bdd5e06761c45b711cf7dff1c5b6e56e5cbc230041fb16e1f3418235809008ea3545375e02b48b0cca1857348ea23fd4fd35165e72df9a9956b225f12f

          Download Submit

        • memory/2672-15-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2672-14-0x0000000000510000-0x000000000051A000-memory.dmp

          Filesize

          40KB

          Download

        • memory/2672-16-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-17-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2672-18-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-19-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-20-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-21-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-22-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

          Filesize

          9.6MB

          Download

        • memory/2672-23-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-24-0x00000000020B0000-0x0000000002130000-memory.dmp

          Filesize

          512KB

          Download

        • memory/2672-25-0x000007FEF5A80000-0x000007FEF641D000-memory.dmp

          Filesize

          9.6MB

          Download