f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840

General

Target

f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe
Size

19.8MB
MD5

1ce5f9901fdf886e3d2a736e46ff0bed
SHA1

6ebe4d0fdd44093b6d34e945c1349a763bcfe159
SHA256

f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840
SHA512

36a885db5578c004d18586b60f263e18e9eff12c336a602e17dbe1adba02c9fe646b8396e47c234e2f8657ee69c85711651b04a73f9f5ed83edb608d1138abbb
SSDEEP

393216:fr2/uirYrXuf9pp8Zc05bDwJzEL6UkXmaNZk9sR0h+8IClWt1J+3STIHK6Lv:frfXyfbiZc0NDMzELjkWaNZDKh4t1JDW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2684	test.exe

Loads dropped DLL 2 IoCs

pid	Process
2652	f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe
2684	test.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2652	f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2652 wrote to memory of 2684	2652	f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe	28
PID 2652 wrote to memory of 2684	2652	f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe	28
PID 2652 wrote to memory of 2684	2652	f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe	28

C:\Users\Admin\AppData\Local\Temp\f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe
"C:\Users\Admin\AppData\Local\Temp\f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2652
- C:\Users\Admin\AppData\Local\Temp\onefile_2652_133480314677248000\test.exe
  "C:\Users\Admin\AppData\Local\Temp\f8e9452db5cf9f3cd70754aa0d03b291e2c04371c04739cd3a7461333a5a9840.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2652_133480314677248000\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2652_133480314677248000\test.exe

Filesize
8.8MB

MD5
991c18cfdaca9275644441390248f556

SHA1
ad8a99ceb446fbb60d8447358230a10d3c3ab173

SHA256
6e6bdbf8eaef20d9efb2360cf659066cca2629c3e0d7bf3cb173dc6420e6a347

SHA512
2ee3882d8d02d9e2d1b727776b74b27fed6471cce8bb3e889f2d77de7d294373e4bd060185726aaaea5474997e6b80c996bb5c81191790100a581c1edf05fa3a

Download Submit
memory/2652-19-0x00000000772E0000-0x00000000772E2000-memory.dmp

Filesize
8KB

Download
memory/2652-2-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2652-5-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2652-8-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2652-10-0x0000000077100000-0x00000000772A9000-memory.dmp

Filesize
1.7MB

Download
memory/2652-11-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2652-12-0x00000000772D0000-0x00000000772D2000-memory.dmp

Filesize
8KB

Download
memory/2652-14-0x00000000772D0000-0x00000000772D2000-memory.dmp

Filesize
8KB

Download
memory/2652-16-0x00000000772D0000-0x00000000772D2000-memory.dmp

Filesize
8KB

Download
memory/2652-17-0x00000000772E0000-0x00000000772E2000-memory.dmp

Filesize
8KB

Download
memory/2652-0-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2652-21-0x00000000772E0000-0x00000000772E2000-memory.dmp

Filesize
8KB

Download
memory/2652-6-0x000000013FE30000-0x00000001420E1000-memory.dmp

Filesize
34.7MB

Download
memory/2652-26-0x00000000772F0000-0x00000000772F2000-memory.dmp

Filesize
8KB

Download
memory/2652-22-0x00000000772F0000-0x00000000772F2000-memory.dmp

Filesize
8KB

Download
memory/2652-29-0x000007FEFD290000-0x000007FEFD292000-memory.dmp

Filesize
8KB

Download
memory/2652-31-0x000007FEFD290000-0x000007FEFD292000-memory.dmp

Filesize
8KB

Download
memory/2652-36-0x000007FEFD2A0000-0x000007FEFD2A2000-memory.dmp

Filesize
8KB

Download
memory/2652-34-0x000007FEFD2A0000-0x000007FEFD2A2000-memory.dmp

Filesize
8KB

Download
memory/2652-37-0x000000013FE30000-0x00000001420E1000-memory.dmp

Filesize
34.7MB

Download
memory/2652-4-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2652-24-0x00000000772F0000-0x00000000772F2000-memory.dmp

Filesize
8KB

Download
memory/2652-89-0x000000013FE30000-0x00000001420E1000-memory.dmp

Filesize
34.7MB

Download
memory/2652-88-0x0000000077100000-0x00000000772A9000-memory.dmp

Filesize
1.7MB

Download
memory/2684-66-0x000000013FE20000-0x000000014070A000-memory.dmp

Filesize
8.9MB

Download

Analysis

Sharing