44f1ab52057d4598422fe4761ffbf72113ad5a0071bdf32f5de5966fddba68d7

Analysis

max time kernel
117s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0109faacdff6b82cb52dc30367c226e3.exe
Size

140KB
MD5

0109faacdff6b82cb52dc30367c226e3
SHA1

89aa34d1741899331f9d7adc1a2d1ed07c234433
SHA256

44f1ab52057d4598422fe4761ffbf72113ad5a0071bdf32f5de5966fddba68d7
SHA512

1049ac9d14ce32006c22be766034db4043733d06d67839f78d7ba0be5b37bd9bb612e434973662f1854e1f40de4d9b877ae4d76d9c8577277763b92915d8924c
SSDEEP

1536:VXnhVjRXRk2k95wt9IpFcRXUzRnkQ8f4Zlp4K3RYTfZQXuDVCf9p8d0n46DN1D:V/Uet9acX6RkQ3XR7u5c9pz46Dz

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2208	CMD.exe

Gathers system information 1 TTPs 5 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
2944	systeminfo.exe
2696	systeminfo.exe
2784	systeminfo.exe
2460	systeminfo.exe
2140	systeminfo.exe

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2208	2204	0109faacdff6b82cb52dc30367c226e3.exe	28
PID 2204 wrote to memory of 2208	2204	0109faacdff6b82cb52dc30367c226e3.exe	28
PID 2204 wrote to memory of 2208	2204	0109faacdff6b82cb52dc30367c226e3.exe	28
PID 2204 wrote to memory of 2208	2204	0109faacdff6b82cb52dc30367c226e3.exe	28
PID 2208 wrote to memory of 2460	2208	CMD.exe	30
PID 2208 wrote to memory of 2460	2208	CMD.exe	30
PID 2208 wrote to memory of 2460	2208	CMD.exe	30
PID 2208 wrote to memory of 2460	2208	CMD.exe	30
PID 2208 wrote to memory of 2140	2208	CMD.exe	33
PID 2208 wrote to memory of 2140	2208	CMD.exe	33
PID 2208 wrote to memory of 2140	2208	CMD.exe	33
PID 2208 wrote to memory of 2140	2208	CMD.exe	33
PID 2208 wrote to memory of 2944	2208	CMD.exe	34
PID 2208 wrote to memory of 2944	2208	CMD.exe	34
PID 2208 wrote to memory of 2944	2208	CMD.exe	34
PID 2208 wrote to memory of 2944	2208	CMD.exe	34
PID 2208 wrote to memory of 2696	2208	CMD.exe	35
PID 2208 wrote to memory of 2696	2208	CMD.exe	35
PID 2208 wrote to memory of 2696	2208	CMD.exe	35
PID 2208 wrote to memory of 2696	2208	CMD.exe	35
PID 2208 wrote to memory of 2784	2208	CMD.exe	36
PID 2208 wrote to memory of 2784	2208	CMD.exe	36
PID 2208 wrote to memory of 2784	2208	CMD.exe	36
PID 2208 wrote to memory of 2784	2208	CMD.exe	36

C:\Users\Admin\AppData\Local\Temp\0109faacdff6b82cb52dc30367c226e3.exe
"C:\Users\Admin\AppData\Local\Temp\0109faacdff6b82cb52dc30367c226e3.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\CMD.exe
  CMD /C SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && SYSTEMINFO && DEL "C:\Users\Admin\AppData\Local\Temp\0109faacdff6b82cb52dc30367c226e3.exe"
  2⤵
  - Deletes itself
  - Suspicious use of WriteProcessMemory
  PID:2208
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2460
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2140
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2944
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2696
- - C:\Windows\SysWOW64\systeminfo.exe
    SYSTEMINFO
    3⤵
    - Gathers system information
    PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2204-0-0x000000007EFA0000-0x000000007EFAD000-memory.dmp

Filesize
52KB

Download
memory/2204-1-0x0000000000240000-0x0000000000256000-memory.dmp

Filesize
88KB

Download
memory/2204-2-0x0000000000240000-0x0000000000256000-memory.dmp

Filesize
88KB

Download