bd2dddfb7f978b8fdf099bbc3e741952507ac644fe77b3af02398304bc432041

Analysis

max time kernel
119s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 19:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0f5808113f49dd058802402b47be0559.exe
Size

156KB
MD5

0f5808113f49dd058802402b47be0559
SHA1

e8b5e7a72c2123fd0c24e55104f96499c2c67891
SHA256

bd2dddfb7f978b8fdf099bbc3e741952507ac644fe77b3af02398304bc432041
SHA512

dcc51eceef022dca1f4786410a29efb4c078bf1b23ced23292e53799237bbc61763d6ef4a9185238dc7cf2ee22e03d55b9e252b956665ce24d77dc2e2206bef8
SSDEEP

3072:Qj07dyzEE/QhD7sJ99MewJ+w7qTN2Dxe/MFa0lPZ6PepHo7:gywzEsQhUv9MVUw7wNlu2

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2700	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2700	2444	0f5808113f49dd058802402b47be0559.exe	28
PID 2444 wrote to memory of 2700	2444	0f5808113f49dd058802402b47be0559.exe	28
PID 2444 wrote to memory of 2700	2444	0f5808113f49dd058802402b47be0559.exe	28
PID 2444 wrote to memory of 2700	2444	0f5808113f49dd058802402b47be0559.exe	28

C:\Users\Admin\AppData\Local\Temp\0f5808113f49dd058802402b47be0559.exe
"C:\Users\Admin\AppData\Local\Temp\0f5808113f49dd058802402b47be0559.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Xxb..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2700

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Xxb..bat

Filesize
210B

MD5
54a74659ce2b3196266aa227e9e5e9bf

SHA1
64abb783393045388190b5a4a0f80f2552aa847b

SHA256
51864960ba6eb19dfda4736d5d21dccb3876eaf3ea607e4289f10f5c4993c5e1

SHA512
200eb1c707ffe93ba7ac94f1ab329a40e30ea1bf9d6d48c2d51f1a7da044025b64e04c0f1398ff7218247758009841f123f84c589cfe1689322d9ef88d322d37

Download Submit
memory/2444-2-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2444-1-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/2444-0-0x00000000001D0000-0x00000000001E6000-memory.dmp

Filesize
88KB

Download
memory/2444-4-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download