Analysis
-
max time kernel
151s -
max time network
155s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-12-2023 03:21
General
-
Target
02aa4aac6bc417b73d6ea452194252fe.exe
-
Size
786KB
-
MD5
02aa4aac6bc417b73d6ea452194252fe
-
SHA1
69d4e8942d6c3891a06b988ada2cb8a75fc738b5
-
SHA256
d8c56946b65ffcf4b6aa2bd510fefb626edcc2a135c07e2f0175686aa0e588e6
-
SHA512
c241466c03983fa0809836d61db44c640c2ae16d8349723327b6bf0cc5267c69ecf4c91c74ba7e948655ff3b4bf9dd72046e11d4d9a123f35f1dde40e63c4158
-
SSDEEP
12288:vyxPJa2s86jofrWEuxjcZxyPq8tf8sQ+PRtj3lDsmMHj3N6eiaFmhL+JigD:vyxPJ/s86szWEuKiflOmMDhPEhL+lD
Malware Config
Signatures
-
Osiris
-
Drops startup file 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\02aa4aac6bc417b73d6ea452194252fe.exe"C:\Users\Admin\AppData\Local\Temp\02aa4aac6bc417b73d6ea452194252fe.exe"1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\GetX64BTIT.exeFilesize
3KB
MD5b4cd27f2b37665f51eb9fe685ec1d373
SHA17f08febf0fdb7fc9f8bf35a10fb11e7de431abe0
SHA25691f1023142b7babf6ff75dad984c2a35bde61dc9e61f45483f4b65008576d581
SHA512e025f65224d78f5fd0abebe281ac0d44a385b2641e367cf39eed6aefada20a112ac47f94d7febc4424f1db6a6947bac16ff83ef93a8d745b3cddfdbe64c49a1e
-
C:\Users\Admin\AppData\Local\Temp\x64btit.txtFilesize
28B
MD5d6b11e5e55947c06bee26fd63c8022be
SHA134fca4520b2dd9077f05c6641452656d8ad6c243
SHA25665126411b1b223def99c82a8924aa472800d9a787b639876ae028450c690c410
SHA512ec86e43877ac619109153ced4c527da49c5da072ee3866b0c17083b09a61cb6016f79c46c54dc5b8f4a5f4def07fae488512b3f361187658658f24a0bc698a22
-
\Users\Admin\AppData\Local\Temp\GetX64BTIT.exeFilesize
2KB
MD57c4675aabf37325d49bfd23c9bcbcfa9
SHA120e1808aa12a56bc508782c471fd5f82f487eef5
SHA2569835c9dfef9564685baf99a92956a2537f8bf36e891d1c8faa4f684e22aaa3b5
SHA51224b389ee8f25d921bf5545252d638f8e1df1ffdd24e89bc4476e08c7ff85d6c9bf045fcaea0f40526085db0f21413f82eb0c07309744a416f00d4121700cee5f
-
memory/2020-7-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-8-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-5-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-4-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-9-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-2-0x00000000004B0000-0x00000000004F2000-memory.dmpFilesize
264KB
-
memory/2020-6-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-15-0x0000000000170000-0x000000000023A000-memory.dmpFilesize
808KB
-
memory/2020-19-0x0000000000280000-0x000000000029F000-memory.dmpFilesize
124KB
-
memory/2020-21-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-20-0x0000000002890000-0x0000000002939000-memory.dmpFilesize
676KB
-
memory/2020-18-0x0000000010000000-0x0000000010016000-memory.dmpFilesize
88KB
-
memory/2020-3-0x0000000000170000-0x000000000023A000-memory.dmpFilesize
808KB