7d4acccff51d024cd9fbd469234db6cacd04423a60e01eae3efbb8b9f6a7ceb2

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

05384943110d8f656428854ffdc73bee.exe
Size

471KB
MD5

05384943110d8f656428854ffdc73bee
SHA1

7aa2e1e57ca6bddb09e443df4f5fa60a5d57b23b
SHA256

7d4acccff51d024cd9fbd469234db6cacd04423a60e01eae3efbb8b9f6a7ceb2
SHA512

3a34585d84fdc39cde33a99d68005f4fd47608eac36100657210699e5fd82ee7090be500741aa58bb2dec331bb50a6ead6f800ce6017f00c99a5d2ee26cd2d9d
SSDEEP

12288:Hn4q8ZkNhTTywJ5FOiSeDuUlmTm7RzSCo:HRTffSxiQB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2156	dotnetchk.exe

Loads dropped DLL 4 IoCs

pid	Process
2084	05384943110d8f656428854ffdc73bee.exe
2084	05384943110d8f656428854ffdc73bee.exe
2084	05384943110d8f656428854ffdc73bee.exe
2084	05384943110d8f656428854ffdc73bee.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2156	2084	05384943110d8f656428854ffdc73bee.exe	28
PID 2084 wrote to memory of 2156	2084	05384943110d8f656428854ffdc73bee.exe	28
PID 2084 wrote to memory of 2156	2084	05384943110d8f656428854ffdc73bee.exe	28
PID 2084 wrote to memory of 2156	2084	05384943110d8f656428854ffdc73bee.exe	28

C:\Users\Admin\AppData\Local\Temp\05384943110d8f656428854ffdc73bee.exe
"C:\Users\Admin\AppData\Local\Temp\05384943110d8f656428854ffdc73bee.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Users\Admin\AppData\Local\Temp\VSD44FC.tmp\DotNetFX\dotnetchk.exe
  "C:\Users\Admin\AppData\Local\Temp\VSD44FC.tmp\DotNetFX\dotnetchk.exe"
  2⤵
  - Executes dropped EXE
  PID:2156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\VSD44FC.tmp\DotNetFX\dotnetchk.exe

Filesize
85KB

MD5
4992d98e6772a5fd7256c4c7fe978a11

SHA1
6cf70905908b59553e1b92e057c3e7c13bd7b6a4

SHA256
5494efb1859e625eff5c2b51a66058fd7ffe1aa619594f62900a0bef392012d0

SHA512
8afdda6a49a4c61c62e329f3d15dc31c98327fd720e654972b14f98112b79d293648cad0dd08b3d12e48e020dd21fe40f9fc0a6c78014e1434a1703f40f6f4d8

Download Submit