389fa82fcfb52aaeedfc12b9ab8c124e3b21d7ebe39ef7d40cf2177977932fc6

Analysis

max time kernel
119s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/12/2023, 20:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

119e7bdc9df381b657cb7a0dde1bacae.exe
Size

110KB
MD5

119e7bdc9df381b657cb7a0dde1bacae
SHA1

429e910f0489dcbbd15b97c9c831380661a41ee5
SHA256

389fa82fcfb52aaeedfc12b9ab8c124e3b21d7ebe39ef7d40cf2177977932fc6
SHA512

9a8706bd0f3469f2bba6c8b071b6160b184b3c23e752c1026c7956ad11f2f5a219f215786702b0beda3c459d45eef810455d364caa3df78d2da817ec4362f8e7
SSDEEP

1536:AUAdaM1qL7ZpRlu7XqCvO1/WYBpR6kS/Vqy9DhAobOBUFQX1nqz:A9djM3u7Xq1BPy3hoUFkpq

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2940	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1988 wrote to memory of 2940	1988	119e7bdc9df381b657cb7a0dde1bacae.exe	28
PID 1988 wrote to memory of 2940	1988	119e7bdc9df381b657cb7a0dde1bacae.exe	28
PID 1988 wrote to memory of 2940	1988	119e7bdc9df381b657cb7a0dde1bacae.exe	28
PID 1988 wrote to memory of 2940	1988	119e7bdc9df381b657cb7a0dde1bacae.exe	28

C:\Users\Admin\AppData\Local\Temp\119e7bdc9df381b657cb7a0dde1bacae.exe
"C:\Users\Admin\AppData\Local\Temp\119e7bdc9df381b657cb7a0dde1bacae.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1988
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Cjb..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2940

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cjb..bat

Filesize
210B

MD5
7dab95afe4878f926a4ffa86a3697a83

SHA1
74c578f5a29ea043409ee7afd6be316343c496a9

SHA256
78d8b0cba539effba0052379e61bcb4dcb2fa6187bc44b10b46fd0bdeb8ac45a

SHA512
ea888afd8e9f78d43b036c98f4e818028813ddf0cab29f028eacfc650d98d2f59e4345fa017939115fcb5be6774fdfe1117d0bd2c9adffbdd3698c194399578e

Download Submit
memory/1988-0-0x0000000000150000-0x0000000000164000-memory.dmp

Filesize
80KB

Download
memory/1988-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/1988-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download