Analysis
-
max time kernel
122s -
max time network
125s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
25-12-2023 19:59
General
-
Target
39ce0d1e358e215b5c0380627ec7c5c4.exe
-
Size
490KB
-
MD5
39ce0d1e358e215b5c0380627ec7c5c4
-
SHA1
30a2521e36bd28ca3f031ba44f7246a8032e5ab3
-
SHA256
4c93817b83feae8a47e2174db299dcc968ecbb6f7b2a3c4e6aecee56d645ea04
-
SHA512
a8e8cd8820eb3c6bd8fd83d087f24c0475d3cfe28e93a503164b4b8f2fe9c3987462a5fe3a3ae234c02139660b188d19513392e954db4ab0fd25c7e1bb33deef
-
SSDEEP
3072:1828inqN7CMBrm+sCMpFdp/8VetHA2zx5:182xqB8+pkGYA2zx5
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe"C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\killa.exe"C:\Windows\killa.exe" 2C:\Users\Admin\AppData\Local\Temp\39ce0d1e358e215b5c0380627ec7c5c4.exe2⤵
- Deletes itself
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
490KB
MD539ce0d1e358e215b5c0380627ec7c5c4
SHA130a2521e36bd28ca3f031ba44f7246a8032e5ab3
SHA2564c93817b83feae8a47e2174db299dcc968ecbb6f7b2a3c4e6aecee56d645ea04
SHA512a8e8cd8820eb3c6bd8fd83d087f24c0475d3cfe28e93a503164b4b8f2fe9c3987462a5fe3a3ae234c02139660b188d19513392e954db4ab0fd25c7e1bb33deef