6e125dda2461028f2afd60ca52266dea17803e111faaecd53c80cf0986518171

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11eea9949a33caf0be56ba89dda5c6b1.exe
Size

127KB
MD5

11eea9949a33caf0be56ba89dda5c6b1
SHA1

2489b4cf77a095b917a4aad99946c6ef1e5e4ba5
SHA256

6e125dda2461028f2afd60ca52266dea17803e111faaecd53c80cf0986518171
SHA512

14a11e3e535c15b1e7bb68261971a97dc0b1b83106165aa27741484962233f74a4cd9a617009044b5a90d13d2d9efb556c48cc25be15a8d7666fd0474daa5233
SSDEEP

3072:PjYPFI+zeOKndRzAlSWc+SeLebsbJ3IQQ0jKNKSfL/U:PEhzNsslSyRagbJ3IQQJ

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
848	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 848	1736	11eea9949a33caf0be56ba89dda5c6b1.exe	28
PID 1736 wrote to memory of 848	1736	11eea9949a33caf0be56ba89dda5c6b1.exe	28
PID 1736 wrote to memory of 848	1736	11eea9949a33caf0be56ba89dda5c6b1.exe	28
PID 1736 wrote to memory of 848	1736	11eea9949a33caf0be56ba89dda5c6b1.exe	28

C:\Users\Admin\AppData\Local\Temp\11eea9949a33caf0be56ba89dda5c6b1.exe
"C:\Users\Admin\AppData\Local\Temp\11eea9949a33caf0be56ba89dda5c6b1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1736
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Tpz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:848

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tpz..bat

Filesize
210B

MD5
de0f1f27277222b96513e9942009691a

SHA1
0b4496340d97d529c876220c308655a4af0a50d9

SHA256
466c6599680685bc6534e685a7f8134786b27182c1ce8f20af6280c7cfe99e09

SHA512
2d2840793f30e5db7e6f36d408838b7e39adce15e5619cdded95bdd80f3af72b260ba5f2b910643cd796feaf6add5985ffa2525eec304a077830c83c5c71359c

Download Submit
memory/1736-0-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1736-1-0x0000000000220000-0x000000000024E000-memory.dmp

Filesize
184KB

Download
memory/1736-2-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/1736-4-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download