5b24857f9a1ff100837ebf216c039db7c4f8429f3a0c05d454f204833a1d75f7

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 09:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

139725b8f5bf973c2b4a7cbaa9145544.exe
Size

110KB
MD5

139725b8f5bf973c2b4a7cbaa9145544
SHA1

05789a886b08a679c4ec473383307fa4f01ecad6
SHA256

5b24857f9a1ff100837ebf216c039db7c4f8429f3a0c05d454f204833a1d75f7
SHA512

b163e20c7e5a2a3b20bb72506f1aeddbf3c947d8df993917b764b10b9aa1af1e87fdc65afc32dfbffcff18e2c6f2fe54d30ed8a31642620c4565461c6c640c74
SSDEEP

1536:AUAdaM1qL7ZpRlu7XqCvO1/WYBpR6kS/Vqy9DhAobOBUFQX1nOz:A9djM3u7Xq1BPy3hoUFkpO

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1716	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2892 wrote to memory of 1716	2892	139725b8f5bf973c2b4a7cbaa9145544.exe	28
PID 2892 wrote to memory of 1716	2892	139725b8f5bf973c2b4a7cbaa9145544.exe	28
PID 2892 wrote to memory of 1716	2892	139725b8f5bf973c2b4a7cbaa9145544.exe	28
PID 2892 wrote to memory of 1716	2892	139725b8f5bf973c2b4a7cbaa9145544.exe	28

C:\Users\Admin\AppData\Local\Temp\139725b8f5bf973c2b4a7cbaa9145544.exe
"C:\Users\Admin\AppData\Local\Temp\139725b8f5bf973c2b4a7cbaa9145544.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2892
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Zgp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:1716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Zgp..bat

Filesize
210B

MD5
8d9e1e6ccb7b74ab7fbb084fbf737f44

SHA1
9a30117df3786c2321d76aaa1a010ab2d601156c

SHA256
9c49adfab35fef33dde3f7351ae49c1102a4d691541579b2a3381b565637d53e

SHA512
9e392766b7443883c57c27f7c6ed0ad2b5fd8fa634b31ecd6d34b2e734f82e502ba46e92a1112e08a08540f7344152942384d857bba8f671573ba4182f1b2c5d

Download Submit
memory/2892-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2892-0-0x0000000000160000-0x0000000000174000-memory.dmp

Filesize
80KB

Download
memory/2892-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download