73f4006f8f42d1c5c4644c02513082b5e0c5e15465c667c8de0e2d4a652b1dc4

Analysis

max time kernel
144s
max time network
157s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5853abf213e5cdaeae074d9dbbf6098b.exe
Size

226KB
MD5

5853abf213e5cdaeae074d9dbbf6098b
SHA1

d4c6d38e5ad574c4e07b33b3c342be45726af04d
SHA256

73f4006f8f42d1c5c4644c02513082b5e0c5e15465c667c8de0e2d4a652b1dc4
SHA512

2ac3eb5ff36c1dbf2d8a5ec7543ff31449f0da462cb35576a2ab0bb73ae79feac1d91fb3c6f92b2e58cb962d4bcfa0fe8bde16229e199709d16a4eadc47ff691
SSDEEP

6144:C1QLJQL0gTTuQ0quhsf7KjMdcornRZAArCgLADMJ82PeAUyFd:x2oITuQ0qugKjzEfbrCnm82PevS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2688	generator.exe

Loads dropped DLL 2 IoCs

pid	Process
2268	5853abf213e5cdaeae074d9dbbf6098b.exe
2268	5853abf213e5cdaeae074d9dbbf6098b.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\directx.exe	5853abf213e5cdaeae074d9dbbf6098b.exe
File opened for modification	C:\Windows\SysWOW64\directx.exe	5853abf213e5cdaeae074d9dbbf6098b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2688	2268	5853abf213e5cdaeae074d9dbbf6098b.exe	28
PID 2268 wrote to memory of 2688	2268	5853abf213e5cdaeae074d9dbbf6098b.exe	28
PID 2268 wrote to memory of 2688	2268	5853abf213e5cdaeae074d9dbbf6098b.exe	28
PID 2268 wrote to memory of 2688	2268	5853abf213e5cdaeae074d9dbbf6098b.exe	28

C:\Users\Admin\AppData\Local\Temp\5853abf213e5cdaeae074d9dbbf6098b.exe
"C:\Users\Admin\AppData\Local\Temp\5853abf213e5cdaeae074d9dbbf6098b.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Users\Admin\AppData\Local\Temp\generator.exe
  "C:\Users\Admin\AppData\Local\Temp\generator.exe"
  2⤵
  - Executes dropped EXE
  PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\generator.exe

Filesize
163KB

MD5
ec264de3e9f120078e3f2533e51e1842

SHA1
cebb108a745c774d6ba93f9cf9516e54f06dca18

SHA256
efd903c2a5382b57068aa06022642d1cdaaba97591f1177503f47b0466f46016

SHA512
6095098f0c1610c9a2113938c8a7e7d0ab34d67da75d8d4d87aae1491c0d889ac79f72fd49a71ed2726e8b3183e1f5da8f1231b34b6d81c851e5ec13c3f75a97

Download Submit
memory/2268-0-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2268-21-0x0000000000400000-0x0000000000404000-memory.dmp

Filesize
16KB

Download
memory/2688-14-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download
memory/2688-16-0x0000000000400000-0x000000000045E000-memory.dmp

Filesize
376KB

Download