Overview

overview

8

Static

static

3

2b78a9fef4...e0.exe

windows7-x64

8

2b78a9fef4...e0.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25/12/2023, 16:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2b78a9fef498f8d291408b167c47e7e0.exe

  • Size

    162KB

  • MD5

    2b78a9fef498f8d291408b167c47e7e0

  • SHA1

    1187e56c1938527111d0ecf95811945682f1b8b2

  • SHA256

    bdcfbdcd12bd2260d73bf0187b5b720277de8e9e059275304e9f9f75eb70ed62

  • SHA512

    ef3626c2257c6c78259ff58a880ad333d4aad55a2a11ed1489eb2e9f03068bf840eb47b87e47716af3dc9bc4b9c0ffe67af4410748342cedbe34894d924031e2

  • SSDEEP

    3072:QaF6FISxuJ8JwIGATL8DFKNbLmxcbTefkTmr3yiRnDLARyBJNtwcLCW+WppXXT:JOMqdHtLZbafVznDLA4BJNJ5+apXXT

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2b78a9fef498f8d291408b167c47e7e0.exe
    "C:\Users\Admin\AppData\Local\Temp\2b78a9fef498f8d291408b167c47e7e0.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4740
    • C:\Users\Admin\AppData\Local\Temp\55.exe
      "C:\Users\Admin\AppData\Local\Temp\55.exe" 7022
      2⤵
      • Drops file in Drivers directory
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in System32 directory
      PID:4620

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\55.exe
    Filesize

    126KB

    MD5

    20f2c12bec56ca3108b77074998d7624

    SHA1

    612f2e732f460e492b56f658a48d157f53e34ca2

    SHA256

    b2ea8203d010efb15e9272f282836747e50f6d450507c9d66f0ce9d882a08c1f

    SHA512

    b7e985328d135bd541bc9eaf5acce7c02f2ebdefb6e861bfc088f17e7037ed1de1a4c8d8e8b5b7fa05c35d42eb07254ad57f4f069c2ac73a6728c84f1fc2a45a

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\DoSSSetup.dll
    Filesize

    72KB

    MD5

    292975cdcc2c9a5d2ceab42d55f3ca44

    SHA1

    67d7dc2fdbd8f7613f0c09d3d379d03541912098

    SHA256

    0ce54a891beb46b1fd27e1fb7ce440826436a35fb2b9255495586c6883f2ebbf

    SHA512

    b14d84b92315bb4a66df7f081b8a271d8e1c23d85de737c74178772363300d1c4cb9fbca2bd86fc85bfe2e8774f0caaeef9c8228676a2e6b23e9a1753d63d91d

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\acpidisk.sys
    Filesize

    194KB

    MD5

    ee4d20481c291eb2f6d70d013c9a4725

    SHA1

    697a45c22ddba20b20655a00c826e275a5afa4c7

    SHA256

    ebbdfaca077eb30d485c3db2427a0033940b080bfe32eed350911a1918dddfc8

    SHA512

    01142334775b1de3bfc4cd901fab3914cd860bd9d088d6b240ecdca7c8d72dfa1e382a37aaf60055770da94068c9d9d2dd0f008bd1cec624584f5b7e83670f40

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsd81B4.tmp\System.dll
    Filesize

    10KB

    MD5

    61151aff8c92ca17b3fab51ce1ca7156

    SHA1

    68a02015863c2877a20c27da45704028dbaa7eff

    SHA256

    af15ef6479e5ac5752d139d1c477ec02def9077df897dadc8297005b3fc4999d

    SHA512

    4f5c943b7058910dc635bdcfadfea1d369c3d645239d1a52b030c21f43aac8e76549e52fd28e38ba5341d32aefe3c090dd8377d9e105ad77f71ab8870d8e326e

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\nsw7DEC.tmp\System.dll
    Filesize

    9KB

    MD5

    afd989ef7eec6bf952bedfce541fe236

    SHA1

    5654b71c5b1089c2cec6381d8da5bd14a14e1a37

    SHA256

    5e97602008ba004c72d58f71e77ffe0a0ea01103867eb12a9ec0f28e72f440d8

    SHA512

    f4e3d88477d39218667dd482a08904b2b69435db7d1fdd492380544aff83895d393a288c329da69074b69c68f51db45f694dfea81fc12fa2042ed43b3d06440c

    Download Submit

  • memory/4620-23-0x0000000002170000-0x0000000002183000-memory.dmp

    Filesize

    76KB

    Download