Analysis
max time kernel: 118s
max time network: 120s
platform: windows7_x64
resource: win7-20231129-en
resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
submitted: 25-12-2023 16:46
Static task: static1
Behavioral task: behavioral1
  Sample: 2e48b6cb1fa4276a480e9a58937a0022.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 2e48b6cb1fa4276a480e9a58937a0022.exe
  Resource: win10v2004-20231222-en
General
Target: 2e48b6cb1fa4276a480e9a58937a0022.exe
Size: 100KB
MD5: 2e48b6cb1fa4276a480e9a58937a0022
SHA1: c68a4ad89f327dc357ee92cadb94a948f2f604c3
SHA256: 79f5fbfa2b82ff0d81af034dc7dcd07d15c3bc0ee60cd5bd68e515eb55104157
SHA512: b8b0e046fee731b7f472a138b54ee439d2a1cf89d9fe671870ab4d36e52f5010365810691386cb2119cd83b52300b0aeea3838f628533f7570c0cd2ba5c37daf
SSDEEP: 3072:sGQHl1Cr3bSsHEIxLzkk3greqzSbXm8jbxDhh81:pQF1Cr3bSsHEIxL5g1eLmIdf8
Malware Config
Signatures

Deletes itself (1 IoCs)
  pid   Process
  2192  cmd.exe

YARA rule matches
  resource                                                                    yara_rule
  behavioral1/memory/1748-3-0x0000000000400000-0x000000000042A000-memory.dmp  upx
  behavioral1/memory/1748-5-0x0000000000400000-0x000000000042A000-memory.dmp  upx

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  1748  2e48b6cb1fa4276a480e9a58937a0022.exe

Suspicious use of WriteProcessMemory (4 IoCs)
  description                          pid   Process                               procid_target
  PID 1748 wrote to memory of 2192     1748  2e48b6cb1fa4276a480e9a58937a0022.exe  29
  PID 1748 wrote to memory of 2192     1748  2e48b6cb1fa4276a480e9a58937a0022.exe  29
  PID 1748 wrote to memory of 2192     1748  2e48b6cb1fa4276a480e9a58937a0022.exe  29
  PID 1748 wrote to memory of 2192     1748  2e48b6cb1fa4276a480e9a58937a0022.exe  29
Processes

1. C:\Users\Admin\AppData\Local\Temp\2e48b6cb1fa4276a480e9a58937a0022.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2e48b6cb1fa4276a480e9a58937a0022.exe"
   PID: 1748
   - Suspicious behavior: EnumeratesProcesses
   - Suspicious use of WriteProcessMemory

   2. C:\Windows\SysWOW64\cmd.exe
      Command line: "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Urb..bat" > nul 2> nul
      PID: 2192
      - Deletes itself
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 210B
MD5: 03d0daa8ed5d20cec7518804da40f5c7
SHA1: c78a19c10d5c84bb9f5cf9026d5034dbc193a143
SHA256: 94346fb0dfd3081bd245faeb04b17cc9b7ddd7f8fdbfe66d957e9d8544fd4fdd
SHA512: 8d8130e9512994f77d0b77a021eb768023ea8c9e456d45725a5e3f88d10e2533edcda0eeec55771fcd4fa129e6827f5ae9d0eea7002b8692573eda558597d0a1