2ccb9c30fce699f51284611c9cc681556daf7cd51cf969b1b8a0b0d53ab13c65

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12c5f4f0fb7d7f91990ee421ca67d175.exe
Size

126KB
MD5

12c5f4f0fb7d7f91990ee421ca67d175
SHA1

4ab20c70d297828204f211ddfd7e6072ed1af674
SHA256

2ccb9c30fce699f51284611c9cc681556daf7cd51cf969b1b8a0b0d53ab13c65
SHA512

9a168e272f5ee6e2f8f805f19210a260d247fdeb27a66b09e154f32cc1ece3400636e355b53d8b3c8aae8c5edb30644853da1cc1984d27a84c4257bfbefedb6e
SSDEEP

1536:13L71KeIPmaNJwPDoDMhFaddOyaVqEUG/eVReZWhn0ranFw1JqtFuWScsY9MGMwS:13hI+ErDVaVNkDEmFwit3lTS

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2768	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 2768	2512	12c5f4f0fb7d7f91990ee421ca67d175.exe	28
PID 2512 wrote to memory of 2768	2512	12c5f4f0fb7d7f91990ee421ca67d175.exe	28
PID 2512 wrote to memory of 2768	2512	12c5f4f0fb7d7f91990ee421ca67d175.exe	28
PID 2512 wrote to memory of 2768	2512	12c5f4f0fb7d7f91990ee421ca67d175.exe	28

C:\Users\Admin\AppData\Local\Temp\12c5f4f0fb7d7f91990ee421ca67d175.exe
"C:\Users\Admin\AppData\Local\Temp\12c5f4f0fb7d7f91990ee421ca67d175.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Vjz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Vjz..bat

Filesize
210B

MD5
e2883dfc1d8bcc2d1e6c6c777472ac00

SHA1
aa5667f75a204f8a649a3f5eac49e808090490ff

SHA256
bf8c61d3cad3e462363a4ce253e3d3c3feb1243913c7573e801958aef6a20e22

SHA512
8fc9aca239a78f64d97c2a2b7ecd8a34be2339c99ba25e29fa6051eecfa354e87a8e8cced10b5bc21b05ae24ef38706e2392e35e71709fd9a12e14ce4893e558

Download Submit
memory/2512-1-0x0000000000260000-0x000000000028D000-memory.dmp

Filesize
180KB

Download
memory/2512-0-0x0000000000260000-0x000000000028D000-memory.dmp

Filesize
180KB

Download
memory/2512-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2512-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download