c61145569be40ad0c88c997c46823b6acd7074a3eca53de37b3eb69515a8e057

Analysis

max time kernel
120s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 02:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b66d116ae8f6c5c1bf40f8663e3dcbd.exe
Size

99KB
MD5

4b66d116ae8f6c5c1bf40f8663e3dcbd
SHA1

118c48c4c416022044462b1cde5d527dd44efa1c
SHA256

c61145569be40ad0c88c997c46823b6acd7074a3eca53de37b3eb69515a8e057
SHA512

7939b749590ccdc927896f446af94f3f4dbeec1d41606d1471734a5fba9bd2acb78cf7a2ba10583978eef3ab28df77b86c0fcf73d30855352eed94ebd37411b5
SSDEEP

1536:1LGMiQzmE0pQNd0QVrJolnhDlK1k9ebvjyrV7vKhv8k5n:pN0Yd0QTYnV4kIby9k5n

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2776	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2648 wrote to memory of 2776	2648	4b66d116ae8f6c5c1bf40f8663e3dcbd.exe	28
PID 2648 wrote to memory of 2776	2648	4b66d116ae8f6c5c1bf40f8663e3dcbd.exe	28
PID 2648 wrote to memory of 2776	2648	4b66d116ae8f6c5c1bf40f8663e3dcbd.exe	28
PID 2648 wrote to memory of 2776	2648	4b66d116ae8f6c5c1bf40f8663e3dcbd.exe	28

C:\Users\Admin\AppData\Local\Temp\4b66d116ae8f6c5c1bf40f8663e3dcbd.exe
"C:\Users\Admin\AppData\Local\Temp\4b66d116ae8f6c5c1bf40f8663e3dcbd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2648
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Qdj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Qdj..bat

Filesize
210B

MD5
6b70f428066e0858030ee34961a4a865

SHA1
1481add9f345bc76bbcbfb2ce9e67da477c82697

SHA256
39a160c9860cceb1717d65bbf512ef4a8b0897ccf71dd2c263e0ce982631881a

SHA512
14535c76fb0efd2268d38aa9b9885e1202bbec21495ec8f7e5b39e835c428417cd8fdea9e7805c32a959417c9ce454008f0de105f7f8c50636d56f46e1ac0f5c

Download Submit
memory/2648-0-0x0000000000220000-0x0000000000235000-memory.dmp

Filesize
84KB

Download
memory/2648-1-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2648-2-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download
memory/2648-4-0x0000000000400000-0x000000000041B000-memory.dmp

Filesize
108KB

Download