77e515cd40dba7f6d5389f0b4547e056c3d26373ee9d7878d4d0836fb2487d73

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 17:45 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

093482ba49649454005a286b63314bee.exe
Size

120KB
MD5

093482ba49649454005a286b63314bee
SHA1

4418282b6a8ff59b14f34bc7a0b0deabb61af1f0
SHA256

77e515cd40dba7f6d5389f0b4547e056c3d26373ee9d7878d4d0836fb2487d73
SHA512

3de62cfd5b7c0abae9d8b28d478eed18db8cbfebe0b7c6f80f1c4f6d3da7e7fcd4616f424e41f0b01ee6847f9ee276cc2d62a1fa3c63252108b89d569f6f34a2
SSDEEP

1536:/SjaDCgzh/pwY5tk+Xdu1jozq3z1bBR9CgGEi1xtTucxLCdP0YuYQGu41XAtt:Djoqtk4du1vJ5l7i1zLcMYuYBCH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2492	2.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\2.exe	093482ba49649454005a286b63314bee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process
2288	2492	WerFault.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2232	093482ba49649454005a286b63314bee.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2492	2232	093482ba49649454005a286b63314bee.exe	20
PID 2232 wrote to memory of 2492	2232	093482ba49649454005a286b63314bee.exe	20
PID 2232 wrote to memory of 2492	2232	093482ba49649454005a286b63314bee.exe	20
PID 2232 wrote to memory of 2492	2232	093482ba49649454005a286b63314bee.exe	20
PID 2492 wrote to memory of 2288	2492	2.exe	19
PID 2492 wrote to memory of 2288	2492	2.exe	19
PID 2492 wrote to memory of 2288	2492	2.exe	19
PID 2492 wrote to memory of 2288	2492	2.exe	19

C:\Users\Admin\AppData\Local\Temp\093482ba49649454005a286b63314bee.exe
"C:\Users\Admin\AppData\Local\Temp\093482ba49649454005a286b63314bee.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\2.exe
  "C:\Windows\2.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 148
1⤵
- Program crash
PID:2288

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\2.exe

Filesize
45KB

MD5
78fc9cccfb9b443b4ec20e0e9cceec16

SHA1
bd85f68629222166d3618f7abb8eaa625ad2d361

SHA256
18a93c6485ea3b26288a06bd71b89ec6935ed11d992becbe2ccc98b7bc98c995

SHA512
125793b9cb9c87329b4931707f86cc562b5b87f936d2e16a83e8b1e28d963200439f29699f6dedeb2607f6b18712f196566b594e5494b2d502f50dd9f09f1698

Download Submit
C:\Windows\2.exe

Filesize
24KB

MD5
49c318a4db52730bd3454e9af606b42e

SHA1
b1b37158cf5f2f5cd755e7f8ac084d367519eb19

SHA256
35e848c4c666cc8a1abbd56bb748e19145ca298ca87e723134a41884ee75900f

SHA512
3e64275840f4b6345135340659bcd13dc15e479e56df65ca1c2e242e82bd21135cce06f20736cdda22a74ab491b997cef7b2acb1941395044616419d35597835

Download Submit
memory/2232-5-0x00000000004E0000-0x00000000004E6000-memory.dmp

Filesize
24KB

Download