6dd36eec52d0647f2e31337f62390fff9a7eca4295470d37e42d94c7a113c9ef

Analysis

max time kernel
1s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1295b4cdd423d8592302bae34bdc279c.exe
Size

142KB
MD5

1295b4cdd423d8592302bae34bdc279c
SHA1

5a73993f4a78d48a2ed07192d04c3f0a8e8074b5
SHA256

6dd36eec52d0647f2e31337f62390fff9a7eca4295470d37e42d94c7a113c9ef
SHA512

7fad15f0685b96f66a5e73cb821b940fba3d2c3acf150016a5926c7ce940e1b17490c50e71765d6eb3c21d1b9598e6e3501ee1388b01f0810d47bbd8eb4d413a
SSDEEP

3072:SnOn7t7XpdpCCTg/sxFgJKeqgKJ+BC1Cwz0OyChwjEIdPxw/Ulu:SKpdcCrTdgKUaGQIdq5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2440	downloadmr.exe

Loads dropped DLL 2 IoCs

pid	Process
1908	1295b4cdd423d8592302bae34bdc279c.exe
1908	1295b4cdd423d8592302bae34bdc279c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1908 wrote to memory of 2440	1908	1295b4cdd423d8592302bae34bdc279c.exe	22
PID 1908 wrote to memory of 2440	1908	1295b4cdd423d8592302bae34bdc279c.exe	22
PID 1908 wrote to memory of 2440	1908	1295b4cdd423d8592302bae34bdc279c.exe	22

C:\Users\Admin\AppData\Local\Temp\1295b4cdd423d8592302bae34bdc279c.exe
"C:\Users\Admin\AppData\Local\Temp\1295b4cdd423d8592302bae34bdc279c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1908
- C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\downloadmr.exe
  C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\downloadmr.exe /u4dc9054e-38b0-4614-bdd5-20605bc06f26 /e2723777
  2⤵
  - Executes dropped EXE
  PID:2440

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\System.dll

Filesize
21KB

MD5
5ebc73650256e9c8ddbcda231db829a1

SHA1
988d4535e18754ab2a6248abae96c5697d7dbcd5

SHA256
1eaa543842df7795404184e8892a1654b0773dbc9bd8b54c7fdb9e68f4355493

SHA512
b21266e76fc7263af982a1336a766e47ccf348ed56b305dbb09f03574c9b2a7309f12200e80d86f9a251381be6e87a41206447f11c51899cb31fba10da1d5270

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\System.dll

Filesize
13KB

MD5
681989da7f06b4fb69bd5bc13bf5089f

SHA1
232c3b185e3fe7904beba9358f872ba151e7f67e

SHA256
bdba2d411d967a1b64140e41de7d131d3768f56a173a51af01e9ac9a31b3fb40

SHA512
ec43fbbc3d636c6cf14e3fb3fa93f61dee8521ca4b578585798c34a6851abe8b527192ff39600c6688a285c33b8779b5dac787f907dff59d8917955486aa653b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\System.dll

Filesize
1KB

MD5
8143e59c2b92661b705733d2ac1abe10

SHA1
d9ac6750f186ad7025ce4e03082fc6b3116a3294

SHA256
298d293a33588c53853c11884f93bf103d0716cdb7fcfbb4f1efaaa8b9aeb5b3

SHA512
1eb9f318db0e5b409d61a8eb7a80016ac912bb7639b04b5ece8d10bedcf3881e52d27ee47769e37ba332e82bad3c826b633067557133b8fa7bce7dd4c436ad77

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\downloadmr.exe

Filesize
50KB

MD5
7f137aa8bb2b2c7bff9f05371b901d7f

SHA1
f4ea6d6a1dc5df443d11adc3172b869b2321c31e

SHA256
d169f80d5e7aa59251a4d4a126e5252af853802f5867270d116ea801ce7d6d48

SHA512
9a924f316fbe35722551942d7c1f7f7b20cab3b3c288a5fd23f7e1d32573e03572f9df00870decb3f9ab910ab08a032f3f95f1261d052bb4c421c6607f123bc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst4F4B.tmp\downloadmr.exe

Filesize
48KB

MD5
94c3ec33d6e9190b575eb39002381352

SHA1
5733195b2805ba6be2f1faf82e853be3781f2fe4

SHA256
05412daef3ac1c2d8145dec8bde479fca87a505378c8aa216033c640e8bd2cfd

SHA512
247181cde92a33c296cc12f895ebcec8659d6c95cb6102eb2e18015d2a0c6195a9cd5b6bd4a54ebef8c15f5fa35048add6db906b74965278922a8b140a14dff2

Download Submit
memory/1908-24-0x0000000000400000-0x000000000043F000-memory.dmp

Filesize
252KB

Download
memory/2440-14-0x0000000074120000-0x00000000746D1000-memory.dmp

Filesize
5.7MB

Download
memory/2440-15-0x0000000001510000-0x0000000001520000-memory.dmp

Filesize
64KB

Download
memory/2440-17-0x0000000001510000-0x0000000001520000-memory.dmp

Filesize
64KB

Download
memory/2440-16-0x0000000001510000-0x0000000001520000-memory.dmp

Filesize
64KB

Download
memory/2440-18-0x0000000001510000-0x0000000001520000-memory.dmp

Filesize
64KB

Download
memory/2440-13-0x0000000074120000-0x00000000746D1000-memory.dmp

Filesize
5.7MB

Download
memory/2440-20-0x0000000074120000-0x00000000746D1000-memory.dmp

Filesize
5.7MB

Download