38391416f2a0ff8cf433b938cfff1e9c21bf79b3b9aef3449f4224e60337dc86

Analysis

max time kernel
240s
max time network
286s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

11cfbf08c82f56967cffb1f2ed71c57f.exe
Size

137KB
MD5

11cfbf08c82f56967cffb1f2ed71c57f
SHA1

3ef2b701431732ea481d1b563c2c57bd32792431
SHA256

38391416f2a0ff8cf433b938cfff1e9c21bf79b3b9aef3449f4224e60337dc86
SHA512

a3ec567636126a38741fbb1ef7b409633b8509a61796c5858c7567ad8adde756f98d5a62d4d234635c4f313b1a405b78339ede664544caad72caea4af9e77dbb
SSDEEP

3072:KbPN+VmL91ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:KTJZJ1Gx9uwmy7g0biTj

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2388	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1836 wrote to memory of 2388	1836	11cfbf08c82f56967cffb1f2ed71c57f.exe	27
PID 1836 wrote to memory of 2388	1836	11cfbf08c82f56967cffb1f2ed71c57f.exe	27
PID 1836 wrote to memory of 2388	1836	11cfbf08c82f56967cffb1f2ed71c57f.exe	27
PID 1836 wrote to memory of 2388	1836	11cfbf08c82f56967cffb1f2ed71c57f.exe	27

C:\Users\Admin\AppData\Local\Temp\11cfbf08c82f56967cffb1f2ed71c57f.exe
"C:\Users\Admin\AppData\Local\Temp\11cfbf08c82f56967cffb1f2ed71c57f.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1836
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Njv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Njv..bat

Filesize
210B

MD5
062c8ae34ab437cc297b0edf1b28c02d

SHA1
eed86cff226537c9abd4ce7d18d61ef25169ed27

SHA256
99fdc0e86bb918184b558cc09bde56cfd2ab0aea361cbad6ff6cf1a8012306f6

SHA512
ec919a606410c1e2b65737d49a59e93d35ad30d86e3189ce8db0c7393e58a3726145f0525cfc7d4b3179f6d4c4d45664f0fcbec56cf40dc17b3e5386d14d3092

Download Submit
memory/1836-0-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/1836-1-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/1836-2-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/1836-4-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download