4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94

Analysis

max time kernel
147s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 11:00

Target

1927f2ef1d2c636cf4115bce53cf0eab.exe
Size

56KB
MD5

1927f2ef1d2c636cf4115bce53cf0eab
SHA1

4b0f10a651e77f13100e1b20585d0c61961acab6
SHA256

4aadef23f11dd8fdc214bea41b6f7819bf723f20f581fec84d38e3ab1d08ad94
SHA512

b86d96f3cd8a2f8e369d4b5fae1ea61fa153055c968ddb7b4712754d8a358680d461b42f31eb0eb20c6e8eadc0de73489b3bfd8b141314baf164ca2e664f0abe
SSDEEP

768:fMyTlenToDMTEp1Gjy76rM9QXPvRePLrlteelpI:fGEYT5y39QXHRErjlpI

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2040 wrote to memory of 2112	2040	1927f2ef1d2c636cf4115bce53cf0eab.exe	29
PID 2040 wrote to memory of 2112	2040	1927f2ef1d2c636cf4115bce53cf0eab.exe	29
PID 2040 wrote to memory of 2112	2040	1927f2ef1d2c636cf4115bce53cf0eab.exe	29
PID 2040 wrote to memory of 2112	2040	1927f2ef1d2c636cf4115bce53cf0eab.exe	29

C:\Users\Admin\AppData\Local\Temp\1927f2ef1d2c636cf4115bce53cf0eab.exe
"C:\Users\Admin\AppData\Local\Temp\1927f2ef1d2c636cf4115bce53cf0eab.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2040
- C:\Users\Admin\AppData\Local\Temp\1927f2ef1d2c636cf4115bce53cf0eab.exe
  "C:\Users\Admin\AppData\Local\Temp\1927f2ef1d2c636cf4115bce53cf0eab.exe" -a
  2⤵
  PID:2112

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact