72ec8deb23ede0161565b4af1f5964b95d84ee34f56db170d8550773501c4db0

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66be650669d2ccbde90fdedbf7b50b6c.exe
Size

94KB
MD5

66be650669d2ccbde90fdedbf7b50b6c
SHA1

59c8df5e6743da089d192b6478614f6991d3214a
SHA256

72ec8deb23ede0161565b4af1f5964b95d84ee34f56db170d8550773501c4db0
SHA512

6a659e2f7d9ed42d029fd145fd3b72838a447fc58b5d6c624c3c8e544e8f6c6c4218e299e90b2073fefb80e3f9f889fae430c9e78d8eea714ae007b35a293a57
SSDEEP

1536:rfg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:rfgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2724	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2896 wrote to memory of 2724	2896	66be650669d2ccbde90fdedbf7b50b6c.exe	29
PID 2896 wrote to memory of 2724	2896	66be650669d2ccbde90fdedbf7b50b6c.exe	29
PID 2896 wrote to memory of 2724	2896	66be650669d2ccbde90fdedbf7b50b6c.exe	29
PID 2896 wrote to memory of 2724	2896	66be650669d2ccbde90fdedbf7b50b6c.exe	29

C:\Users\Admin\AppData\Local\Temp\66be650669d2ccbde90fdedbf7b50b6c.exe
"C:\Users\Admin\AppData\Local\Temp\66be650669d2ccbde90fdedbf7b50b6c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2896
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Izz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Izz..bat

Filesize
210B

MD5
2517bfd33f96ee51738272d624a2d9ee

SHA1
d468109d937df3a9cddffbffeeec50099c7644a0

SHA256
12df3e32f3f66a1687d28589c731895256e2118cedb6d5992ac9f5e949842d8e

SHA512
ceaa428038a8e75fd9f94c4bc58d79f7e53d5364da71a165ccc7248f1d0deb2355949d3a03d8487129ea4aa6d27ee0c57e0a2d63b6c324567c72d7699b281bf9

Download Submit
memory/2896-1-0x00000000001C0000-0x00000000001C1000-memory.dmp

Filesize
4KB

Download
memory/2896-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2896-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2896-4-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download