b7ece76d42b01a4ca626421f8eb1b1d2e67b24e5f48f8042b91547fce2e8e453

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11e1cb4fbbe5336fb962a5231ca57b97.exe
Size

137KB
MD5

11e1cb4fbbe5336fb962a5231ca57b97
SHA1

4c9e749ff5fe09bf9428789240cab2fc44c42d95
SHA256

b7ece76d42b01a4ca626421f8eb1b1d2e67b24e5f48f8042b91547fce2e8e453
SHA512

106562525d819a7fd37f3f07ef1cd8289f5ba0703ae5ae840f484da069d2a471cbd48b9da5993784d43b83d01de8e9d30fca48974b39b88e81006cfbd66b3113
SSDEEP

3072:KbPN+Vmf91ASZ4L016HxawPQrwmy5MmtiJCMAiTBtPiSfL/U:KnJZJ1Gx9uwmy7g0biTj

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2520	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2520	2988	11e1cb4fbbe5336fb962a5231ca57b97.exe	28
PID 2988 wrote to memory of 2520	2988	11e1cb4fbbe5336fb962a5231ca57b97.exe	28
PID 2988 wrote to memory of 2520	2988	11e1cb4fbbe5336fb962a5231ca57b97.exe	28
PID 2988 wrote to memory of 2520	2988	11e1cb4fbbe5336fb962a5231ca57b97.exe	28

C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe
"C:\Users\Admin\AppData\Local\Temp\11e1cb4fbbe5336fb962a5231ca57b97.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Elj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Elj..bat

Filesize
210B

MD5
a8702fa58f2e2adcd266c4d4e2860f08

SHA1
ee306b21837bcc163446c07f47ea250cfb711e50

SHA256
b793f72b2a3637a1f11eb08c9fe4e05c5e478380835a48ec61fc4896d22c82f3

SHA512
7e1453378046811e089dad8c21e537a04efe9909a3e24352fcd08565a8edfc5520fb556bbafbf69a60e5c233f2b2056b0fdab32cdf85fe0e0f89f110d0891937

Download Submit
memory/2988-0-0x00000000001B0000-0x00000000001DF000-memory.dmp

Filesize
188KB

Download
memory/2988-1-0x00000000001B0000-0x00000000001DF000-memory.dmp

Filesize
188KB

Download
memory/2988-2-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download
memory/2988-4-0x0000000000400000-0x0000000000425000-memory.dmp

Filesize
148KB

Download