764cc5407655c69e5dfc6db1dcb09b78fff87fb871a1baada831e981ea571762

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 12:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6f998f043fff06c682213194df3230f0.exe
Size

94KB
MD5

6f998f043fff06c682213194df3230f0
SHA1

eb9c81f1e45e394ae36bc2ad2f7a749e6a10251a
SHA256

764cc5407655c69e5dfc6db1dcb09b78fff87fb871a1baada831e981ea571762
SHA512

70fa8351af5dec582c5d045a3f295b6fba6d889780f759fab94ee5c18055852e9313b789ec289ee9f1c105744757f782ffd05d821ef7e2c91622f1b8659fb86c
SSDEEP

1536:7fg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:7fgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2748	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2748	2224	6f998f043fff06c682213194df3230f0.exe	28
PID 2224 wrote to memory of 2748	2224	6f998f043fff06c682213194df3230f0.exe	28
PID 2224 wrote to memory of 2748	2224	6f998f043fff06c682213194df3230f0.exe	28
PID 2224 wrote to memory of 2748	2224	6f998f043fff06c682213194df3230f0.exe	28

C:\Users\Admin\AppData\Local\Temp\6f998f043fff06c682213194df3230f0.exe
"C:\Users\Admin\AppData\Local\Temp\6f998f043fff06c682213194df3230f0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Bxj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Bxj..bat

Filesize
210B

MD5
62b22a95f5d721f0c18bc0c3f00d6b3b

SHA1
0ad767bd2caae5568252722677eee00fac6671ea

SHA256
d0764c5e9dcbe045d02516faf12469db23c675c5c05a23fb423b56d61446b491

SHA512
5ec8f61fb350c2de160518bb922788dbb137ca184ce637c7599ac06a473279709f0ddfe774fb74b8a0bcb4b08cd5ca9b6b57f088778ca339170ad950edf2483c

Download Submit
memory/2224-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2224-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2224-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2224-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2224-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download