219e3c1d5efedb9acbc4a703a14d7b2dd96f59c4fbd7254609e5df8f30a8a830

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 06:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0c0002f3681e95edea4b942d433deb71.exe
Size

571KB
MD5

0c0002f3681e95edea4b942d433deb71
SHA1

1246cc7c4e3badf7cb0f125001a4cb9ebeaa7dbe
SHA256

219e3c1d5efedb9acbc4a703a14d7b2dd96f59c4fbd7254609e5df8f30a8a830
SHA512

613a515ed3388c0597111e35a9a3dc6656a9c73dd9745cfde440761965af24a218926a00435185cd4f64bab0dab7f08d0e9f0d28036f47be5c03a24947c2444d
SSDEEP

12288:LsuXX0kLDCEkJJqqw442eUucG1FWP56mEIlpfrcKh/DWOw++s+:AuXk+DMzw4yGae4rIlpDcUBH+s+

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0c0002f3681e95edea4b942d433deb71.lnk	0c0002f3681e95edea4b942d433deb71.exe

Loads dropped DLL 1 IoCs

pid	Process
2752	0c0002f3681e95edea4b942d433deb71.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0c0002f3681e95edea4b942d433deb71.exe
"C:\Users\Admin\AppData\Local\Temp\0c0002f3681e95edea4b942d433deb71.exe"
1⤵
- Drops startup file
- Loads dropped DLL
PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{9b0a5906-400a-0b49-9b0a-a59064006419}\0c0002f3681e95edea4b942d433deb71.exe

Filesize
571KB

MD5
0c0002f3681e95edea4b942d433deb71

SHA1
1246cc7c4e3badf7cb0f125001a4cb9ebeaa7dbe

SHA256
219e3c1d5efedb9acbc4a703a14d7b2dd96f59c4fbd7254609e5df8f30a8a830

SHA512
613a515ed3388c0597111e35a9a3dc6656a9c73dd9745cfde440761965af24a218926a00435185cd4f64bab0dab7f08d0e9f0d28036f47be5c03a24947c2444d

Download Submit
memory/2752-19-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2752-26-0x00000000006B0000-0x00000000006B1000-memory.dmp

Filesize
4KB

Download
memory/2752-4-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2752-2-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2752-6-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2752-8-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/2752-10-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/2752-11-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2752-12-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2752-13-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2752-14-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2752-17-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2752-18-0x0000000000210000-0x0000000000211000-memory.dmp

Filesize
4KB

Download
memory/2752-0-0x0000000000020000-0x0000000000022000-memory.dmp

Filesize
8KB

Download
memory/2752-3-0x0000000000230000-0x0000000000256000-memory.dmp

Filesize
152KB

Download
memory/2752-22-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2752-20-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/2752-24-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2752-25-0x00000000006A0000-0x00000000006A1000-memory.dmp

Filesize
4KB

Download
memory/2752-21-0x0000000000670000-0x0000000000671000-memory.dmp

Filesize
4KB

Download
memory/2752-27-0x00000000006C0000-0x00000000006C1000-memory.dmp

Filesize
4KB

Download
memory/2752-28-0x00000000006D0000-0x00000000006D1000-memory.dmp

Filesize
4KB

Download
memory/2752-29-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/2752-30-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2752-31-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2752-33-0x00000000006E0000-0x00000000006E1000-memory.dmp

Filesize
4KB

Download
memory/2752-32-0x00000000001A0000-0x00000000001A2000-memory.dmp

Filesize
8KB

Download
memory/2752-34-0x0000000000730000-0x0000000000731000-memory.dmp

Filesize
4KB

Download
memory/2752-1-0x0000000000030000-0x0000000000031000-memory.dmp

Filesize
4KB

Download