417830cb9563494c911bf0b2952c3b0d3384e43d6deb9f8c17ed5a70ed9436d9

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1374128f019d0886944914ce1b3808f7.exe
Size

121KB
MD5

1374128f019d0886944914ce1b3808f7
SHA1

04e472333294d6806b8a2c8d8fa013cdd7ff3059
SHA256

417830cb9563494c911bf0b2952c3b0d3384e43d6deb9f8c17ed5a70ed9436d9
SHA512

af3ac5d7e75d2e64e2117d63fae955e7053e00fd914641cbc81c8a9663fc2361ee902bdad9d0fe8f8d8a293061b931df2c8fab3e6c9426d1785855fcecdf5937
SSDEEP

1536:iUK3ATn6Q1w6ZnBbWxu5hb86HTU879i0PORJrqpzuQfhH+:SwTJPl9Wxuw6HTqR4ph

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2652	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 2652	2600	1374128f019d0886944914ce1b3808f7.exe	29
PID 2600 wrote to memory of 2652	2600	1374128f019d0886944914ce1b3808f7.exe	29
PID 2600 wrote to memory of 2652	2600	1374128f019d0886944914ce1b3808f7.exe	29
PID 2600 wrote to memory of 2652	2600	1374128f019d0886944914ce1b3808f7.exe	29

C:\Users\Admin\AppData\Local\Temp\1374128f019d0886944914ce1b3808f7.exe
"C:\Users\Admin\AppData\Local\Temp\1374128f019d0886944914ce1b3808f7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Cgf..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cgf..bat

Filesize
210B

MD5
e3afae8c60c467cf0fe69bd7be274039

SHA1
6e6dcbf8e8c16129f55f206b612e5bba75ea13fc

SHA256
7b7a49dc712fc6ceb6ca7bd6c878ff6b116a2ce4cab7a93c91812b59248e17e2

SHA512
16154fb67c3d0091c7b0ca42674c54348efa9105d6a12704dd4639041de7a8016c83a4b9a243db674bb44d8d4497af45432a43ff965703cb8e259412d82a7ed1

Download Submit
memory/2600-0-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2600-1-0x00000000003B0000-0x00000000003BF000-memory.dmp

Filesize
60KB

Download
memory/2600-2-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/2600-4-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download