Analysis
-
max time kernel
119s -
max time network
136s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25/12/2023, 09:39
General
-
Target
14c258f4499295d4d59d8dcbcabf07d3.exe
-
Size
36KB
-
MD5
14c258f4499295d4d59d8dcbcabf07d3
-
SHA1
fe78aa862a3ff76c3b91a13e4df93581e6c7b45e
-
SHA256
79748686ce4e5632fecf1e46c64308614afea715cad2466860ad7fcdef9b5556
-
SHA512
009dbd322e6c5320d35d97a1f82984b9d6a3edaaff5c954d93a2503ef9f798f016ec3ee609b3d66b8a9eb69ccfb5931103988b81d132e225e2cbd4a0c0776a6b
-
SSDEEP
384:NLBjZRV8hNdRiNJBM0d5DhsxOV3rUh/2mnvEDHwb0nu+r1mP+fXN+E+pFt2:Pi0/dlhf3YnvEDQAn/mANqt
Score
3/10
Malware Config
Signatures
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\14c258f4499295d4d59d8dcbcabf07d3.exe"C:\Users\Admin\AppData\Local\Temp\14c258f4499295d4d59d8dcbcabf07d3.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\rundll32.exe"C:\Windows\System32\rundll32.exe" printui.dll PrintUIEntry /dl /n "123PDFConvert" /q2⤵
-