14e9f33dda0a03795365fe5552834d626bf908b3756608fa56c4bd54bd26e239

Analysis

max time kernel
143s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 07:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5c4c0efe58df7e6ff24179cd765216a4.exe
Size

1.0MB
MD5

5c4c0efe58df7e6ff24179cd765216a4
SHA1

d11a9a5c27c53dc1adb3347dc1553a0645b84a36
SHA256

14e9f33dda0a03795365fe5552834d626bf908b3756608fa56c4bd54bd26e239
SHA512

511d468d2a331e24b3f03eb33c3967986c16290c98bb7e04934ac047c6eb44572b5c8068a5d428f00e7d715f60f25c629fb6183f58a6bdc5833148b529aac368
SSDEEP

24576:0hQrVT8SF0i2zmLJA9NbgUjQH/Txx0HJ7C/ly:u6ySFN2KLJQ24k/gJCU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
548	5c4c0efe58df7e6ff24179cd765216a4.tmp

Loads dropped DLL 2 IoCs

pid	Process
548	5c4c0efe58df7e6ff24179cd765216a4.tmp
548	5c4c0efe58df7e6ff24179cd765216a4.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
548	5c4c0efe58df7e6ff24179cd765216a4.tmp
548	5c4c0efe58df7e6ff24179cd765216a4.tmp
548	5c4c0efe58df7e6ff24179cd765216a4.tmp
548	5c4c0efe58df7e6ff24179cd765216a4.tmp

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 548	4176	5c4c0efe58df7e6ff24179cd765216a4.exe	87
PID 4176 wrote to memory of 548	4176	5c4c0efe58df7e6ff24179cd765216a4.exe	87
PID 4176 wrote to memory of 548	4176	5c4c0efe58df7e6ff24179cd765216a4.exe	87

C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe
"C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp" /SL5="$7016E,294381,160256,C:\Users\Admin\AppData\Local\Temp\5c4c0efe58df7e6ff24179cd765216a4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp

Filesize
1.2MB

MD5
ff51b3686f50c07214d6f8abbaf15cf3

SHA1
53b116e9aede862d39be5fe15522f69699ec1fe5

SHA256
8f0f3d4fd5dcd5ff49bb484d01a170bd0b2714250141cd61d01b2ee8adb1517b

SHA512
46f5a203d9fb15acd2cd4cb003167b320e7b341b2ed66d09ae522b22e3ffa743be958ea830167c905e62aa8e1ad7babf9b48131d5e6629fa3c76485ea2843ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2BG1I.tmp\5c4c0efe58df7e6ff24179cd765216a4.tmp

Filesize
1.1MB

MD5
fc8695ccbebce5488a4baa402d9c64ce

SHA1
8b7aeb843ed79fee18e14a37f17e49497cab7878

SHA256
abc60215d921d1441da2458dc6cb022f030419e19e5270a2848d2d0387865524

SHA512
d4d8e792046720ac448eb51858e14eff9c187e27f1f130c3b9a7f7e3992f5c4abe42a1f796c1b1075fc3f121393474928914a6848c430e195353aba79b395df5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R5LMK.tmp\DownLib.dll

Filesize
226KB

MD5
1c8c92fe26150d403eb0a1fb826ea513

SHA1
a589ac8c5026c84485ba81dd745949dd82328256

SHA256
f73c564ce5315f2a24f1d9758f39917d8c35c1dfd6d9bf1bc0e32f29a914834f

SHA512
0478aad9511c2581cc8c5eb5a76f050a5f28ad841c02ac15116fcdf20e7ea65e268d508ac7c9f20d045ba3a234363499fd30cc95e73602f1debdacd736c64e8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R5LMK.tmp\tbr_dots.bmp

Filesize
164B

MD5
adc799ec79eeaef366ea4dddf099c3ae

SHA1
556c915615a34a2499604b7b732ab304b20fdd4e

SHA256
7e7f18c73560f9c020abe1ab1f22705083281e2ea16ab0030fc927901b5b5d1e

SHA512
76962a17cc26d3f9886828be4e43373ac530165e1c627272ed7c0bc731133e97608e55d2e31f44592aad0d0974352155f41a0718aa0666ec128406b1050c1d6c

Download Submit
memory/548-7-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/548-17-0x0000000003360000-0x00000000033A2000-memory.dmp

Filesize
264KB

Download
memory/548-52-0x0000000000400000-0x000000000054C000-memory.dmp

Filesize
1.3MB

Download
memory/548-53-0x0000000003360000-0x00000000033A2000-memory.dmp

Filesize
264KB

Download
memory/548-57-0x0000000000760000-0x0000000000761000-memory.dmp

Filesize
4KB

Download
memory/4176-0-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4176-2-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download
memory/4176-51-0x0000000000400000-0x000000000042E000-memory.dmp

Filesize
184KB

Download