b781965da959c4d73f83825fadb900d56f1732a0a23704c71faa1bef2464bfb0

Analysis

max time kernel
108s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 21:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04a04b099ebe0fc8041055c2c7fd8c42.exe
Size

105KB
MD5

04a04b099ebe0fc8041055c2c7fd8c42
SHA1

4ae00c6215c961dbb0d09bbb6958a3185b3d40e1
SHA256

b781965da959c4d73f83825fadb900d56f1732a0a23704c71faa1bef2464bfb0
SHA512

e6de92e9ce68ccc6451649d2cf8f34048f89389eb60a3bb76e9a420b17684fe5bcb73326a6d30cca54dd325e76b393846d3c44cfb0d0bb0a2b6c513cb90c7d91
SSDEEP

3072:k0W7cRqnq4xl0WYt3S73fNuYzyU8J5BrWx:CouqFA1uOZ8J5A

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
3020	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2616	04a04b099ebe0fc8041055c2c7fd8c42.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2616 wrote to memory of 3020	2616	04a04b099ebe0fc8041055c2c7fd8c42.exe	29
PID 2616 wrote to memory of 3020	2616	04a04b099ebe0fc8041055c2c7fd8c42.exe	29
PID 2616 wrote to memory of 3020	2616	04a04b099ebe0fc8041055c2c7fd8c42.exe	29
PID 2616 wrote to memory of 3020	2616	04a04b099ebe0fc8041055c2c7fd8c42.exe	29

C:\Users\Admin\AppData\Local\Temp\04a04b099ebe0fc8041055c2c7fd8c42.exe
"C:\Users\Admin\AppData\Local\Temp\04a04b099ebe0fc8041055c2c7fd8c42.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2616
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ixb..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ixb..bat

Filesize
210B

MD5
2e096ded7979484f819c5732c667d526

SHA1
c51e610a082c15e9c09c07cb1cd6b3c7deb40bc0

SHA256
67cbed5f633fa2046f41070b8053d8d042fd308d78b00ddf8aede68548a9e5d1

SHA512
3902a1934e3ba1f1d916d5513ab956a36b093728dab44c90d06af6f3dd76faad1dedd20707e508559e0b62e00f83bc054670f805f1e330c6faadd55269dd9dfb

Download Submit
memory/2616-0-0x0000000000220000-0x000000000022D000-memory.dmp

Filesize
52KB

Download
memory/2616-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-2-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-4-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-5-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-6-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/2616-8-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download