98cbd00493e64de385000783054b5175add428518d2a3cfb5e54936e7436602c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26/12/2023, 16:05

Target

7b4da5148ba27b7637095b82edf3df6e.exe
Size

117KB
MD5

7b4da5148ba27b7637095b82edf3df6e
SHA1

54b37d36a6281ae33c9a46c48c999a54c238cead
SHA256

98cbd00493e64de385000783054b5175add428518d2a3cfb5e54936e7436602c
SHA512

7c6a2c032afa915eb78a9f1c35039d64e6fd26677ce4ef5312b5d179e24ad6ab91dc520b0c6ac376187140f810aa1dfdbd463beb8cba9c3d6eb87d46379047e5
SSDEEP

768:m5XPu2qUhOAnG3z3FTjvWgTTLb9TbC02rBYKGrxmIV8SssalhvFSUIOwWS:m5XPubUhOAG3zFj1TXV+YKcIIeSr8fi

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
3028	cmd.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/3052-2-0x0000000000400000-0x000000000046B000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
3052	7b4da5148ba27b7637095b82edf3df6e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 3028	3052	7b4da5148ba27b7637095b82edf3df6e.exe	29
PID 3052 wrote to memory of 3028	3052	7b4da5148ba27b7637095b82edf3df6e.exe	29
PID 3052 wrote to memory of 3028	3052	7b4da5148ba27b7637095b82edf3df6e.exe	29
PID 3052 wrote to memory of 3028	3052	7b4da5148ba27b7637095b82edf3df6e.exe	29

C:\Users\Admin\AppData\Local\Temp\7b4da5148ba27b7637095b82edf3df6e.exe
"C:\Users\Admin\AppData\Local\Temp\7b4da5148ba27b7637095b82edf3df6e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\a..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:3028

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\a..bat

Filesize
210B

MD5
559f0e79e653d1fdab5b9e378ec82beb

SHA1
b4dd2e15ce6c8b881b7875985eb95616dac0f7a2

SHA256
e1f8594294ae807e44ddc15cc6e484f6a7cfa27b60b66194c86a721c2354d441

SHA512
dd0520c727c745ffc406f495e4427b2a5b8c7c35ca302720f36b60a87a93451e16158d030e02317637f8fcc0590639f3dab639396038847be76567d0285e37d6

Download Submit
memory/3052-0-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/3052-2-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download