e956dde755fbe6d0d329f46cff195356f87ab38dd32b3a8c00805938c46c3390

Analysis

max time kernel
144s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6deec82a2c98866576eaded66ce459f0.exe
Size

552KB
MD5

6deec82a2c98866576eaded66ce459f0
SHA1

316b2c3a15fafd14950f21200f64530f10f1004c
SHA256

e956dde755fbe6d0d329f46cff195356f87ab38dd32b3a8c00805938c46c3390
SHA512

d042f48d0c7c66ca55f61cfafff8d537b5eaa6d2a7305bfe20e86abaa8c137979b68011efd251358dd9dedd4ec8e4ab8919e665994ed6d5fcb1f9281a34b7fbc
SSDEEP

12288:EmkOyMJfsGNA6u7X7B9eQ3LPq8kecgm2+EN+LDmoVjFQN5WLqPP/huErwmIfYTqo:EfOyMJfsxDHegqXecgm2yDmoVjWN5yAt

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
556	is-FSKUE.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 556	2068	6deec82a2c98866576eaded66ce459f0.exe	19
PID 2068 wrote to memory of 556	2068	6deec82a2c98866576eaded66ce459f0.exe	19
PID 2068 wrote to memory of 556	2068	6deec82a2c98866576eaded66ce459f0.exe	19

C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe
"C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Users\Admin\AppData\Local\Temp\is-R1NOA.tmp\is-FSKUE.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-R1NOA.tmp\is-FSKUE.tmp" /SL4 $A008E "C:\Users\Admin\AppData\Local\Temp\6deec82a2c98866576eaded66ce459f0.exe" 315513 52736
  2⤵
  - Executes dropped EXE
  PID:556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/556-7-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/556-14-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/556-17-0x0000000002210000-0x0000000002211000-memory.dmp

Filesize
4KB

Download
memory/2068-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2068-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2068-13-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download