Overview

overview

7

Static

static

3

115b17974a...1e.exe

windows7-x64

7

115b17974a...1e.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    118s
  • max time network
    119s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    25/12/2023, 08:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    115b17974a0db59ea5083b936dd8a91e.exe

  • Size

    121KB

  • MD5

    115b17974a0db59ea5083b936dd8a91e

  • SHA1

    c0cbc17a83a99d60bbf5f70b7a93c8afac0ad8cd

  • SHA256

    b117df494877e6bb198069eb418b4a2a22af6583f31b06de9b51e9685c5a0f6a

  • SHA512

    cb92b9270f4355e213bc9ed5a8ce8d536e0eac95b8613f0a90c494547fd73c4d0964b1b9d41ac183f4679026021f60a6ebe4871ddbc731b50f4f8e90ec031662

  • SSDEEP

    1536:iUK3ATn6Q1w6ZnBbWxu5hb86HTU879i0PORJrqpzuQfRH+:SwTJPl9Wxuw6HTqR4pR

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\115b17974a0db59ea5083b936dd8a91e.exe
    "C:\Users\Admin\AppData\Local\Temp\115b17974a0db59ea5083b936dd8a91e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1776
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Inz..bat" > nul 2> nul
      2⤵
      • Deletes itself
      PID:1076

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Inz..bat
    Filesize

    210B

    MD5

    680364945d337da6e1a94fc983125dd7

    SHA1

    920ec9084a59c02ee34a9781b85163c232a230d4

    SHA256

    dba58945882e1adfbab0473eee9e7f5a10d2ebbee0814c1c163616e1f8188381

    SHA512

    6fa04c25f7afd38205fbd7fd470985311ad3ddf893d2aa1099771f877dfafbdb3e5d27e48e43272bca1da1dc28bad328c4a9c1dd1380030aa0ff8e981a032d74

    Download Submit

  • memory/1776-0-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1776-1-0x00000000003B0000-0x00000000003BF000-memory.dmp

    Filesize

    60KB

    Download

  • memory/1776-2-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download

  • memory/1776-4-0x0000000000400000-0x0000000000422000-memory.dmp

    Filesize

    136KB

    Download