77f95c45dfffaa9f1662ad49f6dfdaae2f6ee54f0d46aec4f42c655d8a182891

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0710ec3ba88c3eb14fa26137e34fba59.exe
Size

23KB
MD5

0710ec3ba88c3eb14fa26137e34fba59
SHA1

9d070e8f883387e74112429b318b5b2bce1873b6
SHA256

77f95c45dfffaa9f1662ad49f6dfdaae2f6ee54f0d46aec4f42c655d8a182891
SHA512

5787b609b4c4340647ee43427d1faa8698cdab70223d71a595ebebb87ad8651a7b4dcc55412b04c2025db1ead0f175e8f671c8a4f4eddf902066b852b6005ecd
SSDEEP

384:CGR2tMAuuW9Bf0DUROfet17msKDRHrgxAX:BYtMADW9mfmgRHkxS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2708	r.exe

Loads dropped DLL 2 IoCs

pid	Process
3016	0710ec3ba88c3eb14fa26137e34fba59.exe
3016	0710ec3ba88c3eb14fa26137e34fba59.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3016	0710ec3ba88c3eb14fa26137e34fba59.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3016 wrote to memory of 2708	3016	0710ec3ba88c3eb14fa26137e34fba59.exe	28
PID 3016 wrote to memory of 2708	3016	0710ec3ba88c3eb14fa26137e34fba59.exe	28
PID 3016 wrote to memory of 2708	3016	0710ec3ba88c3eb14fa26137e34fba59.exe	28
PID 3016 wrote to memory of 2708	3016	0710ec3ba88c3eb14fa26137e34fba59.exe	28

C:\Users\Admin\AppData\Local\Temp\0710ec3ba88c3eb14fa26137e34fba59.exe
"C:\Users\Admin\AppData\Local\Temp\0710ec3ba88c3eb14fa26137e34fba59.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016
- C:\Users\Admin\AppData\Local\Temp\r.exe
  "C:\Users\Admin\AppData\Local\Temp\r.exe"
  2⤵
  - Executes dropped EXE
  PID:2708

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\r.exe

Filesize
7KB

MD5
b1490bc988c510911cf00d4d4f229071

SHA1
307c60b1a3181f4d33d7502006d4a0872bab1100

SHA256
f174532da1ea176338e2f529064828d23556dee322b204c85d514954906baeb8

SHA512
21f1922a6ef63b6328b017db55721631d2dfb5f6348116bf9bbb59fe70ad77fcc316c48bf0871414987b03176795f6e25fbb26b2b5ed884ff9c037471f5216c3

Download Submit