3529e1c7de5322e78cb5f800909893a1c3a48c5d0040dce4aaf616494d470968

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11627a52190cebb5fd18f641a6789e29.exe
Size

103KB
MD5

11627a52190cebb5fd18f641a6789e29
SHA1

3753fbf0b7eb10f27a1b8f2f42b1031ef5947e31
SHA256

3529e1c7de5322e78cb5f800909893a1c3a48c5d0040dce4aaf616494d470968
SHA512

e622af6fb50aadf2013363335d9523d756d0e4ed231f242388d4a551fa5e9e170ca8a14a2eca607130ece0c7c311d8d7d809504b2947b42a00458aa388e819ad
SSDEEP

1536:CqJW3IBqpAXmqmuyBXSu6omC/w539lGzNP5x2d5shY73Y:dJW38/4EdVGNxxjhYLY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2756	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1924 wrote to memory of 2756	1924	11627a52190cebb5fd18f641a6789e29.exe	28
PID 1924 wrote to memory of 2756	1924	11627a52190cebb5fd18f641a6789e29.exe	28
PID 1924 wrote to memory of 2756	1924	11627a52190cebb5fd18f641a6789e29.exe	28
PID 1924 wrote to memory of 2756	1924	11627a52190cebb5fd18f641a6789e29.exe	28

C:\Users\Admin\AppData\Local\Temp\11627a52190cebb5fd18f641a6789e29.exe
"C:\Users\Admin\AppData\Local\Temp\11627a52190cebb5fd18f641a6789e29.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1924
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Lzb..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Lzb..bat

Filesize
210B

MD5
d71c422b902a575b29c7c53d9213a429

SHA1
eae7b4b3d924a22837240b179d2062e526cae11d

SHA256
5efe4570c1e632fa03bb3440011745dc266f6f3dee6afb9a972eebd420974736

SHA512
16da8db5c36a3a1fd46c0e6c3890beee2fc5bdbbc82327af5e34afd09f69f1470a442c3887590b8af69bd3c9499de7da24182cd5e3d0af055ce986f1e194e6c3

Download Submit
memory/1924-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1924-1-0x0000000000120000-0x0000000000129000-memory.dmp

Filesize
36KB

Download
memory/1924-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1924-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download