852bb9f9d2503697f87e7a1745021ace532a27c57aa208d491aed11ce5ed4ad7

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29-12-2023 23:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07309db619f1e83a147640ea0956b0de.exe
Size

808KB
MD5

07309db619f1e83a147640ea0956b0de
SHA1

d8cd86ddf06b933e6d25d1dfaa05e38986d03cb9
SHA256

852bb9f9d2503697f87e7a1745021ace532a27c57aa208d491aed11ce5ed4ad7
SHA512

8a4842e6fa3bc0692798ec9a3ead0b2f11446a4c603cb903febb47dcdf462a7c5d26554a0c8f3684e906dc894d4e5d7a362a23f0df204eb08e0976a2590a44c8
SSDEEP

24576:mFHfHCvj8p2IG5ET3VQGSQeIbSkNW+gWGc3:mFAWGnGSCS2W+HGc3

Score

8^/10

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\drivers\etc\hosts	07309db619f1e83a147640ea0956b0de.exe

Executes dropped EXE 2 IoCs

pid	Process
2192	000.exe
2408	2.exe

Loads dropped DLL 4 IoCs

pid	Process
2248	07309db619f1e83a147640ea0956b0de.exe
2248	07309db619f1e83a147640ea0956b0de.exe
2248	07309db619f1e83a147640ea0956b0de.exe
2248	07309db619f1e83a147640ea0956b0de.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\SVKP.sys	000.exe
File created	C:\Windows\SysWOW64\SVKP.sys	2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
476	Process not Found

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 2192	2248	07309db619f1e83a147640ea0956b0de.exe	16
PID 2248 wrote to memory of 2192	2248	07309db619f1e83a147640ea0956b0de.exe	16
PID 2248 wrote to memory of 2192	2248	07309db619f1e83a147640ea0956b0de.exe	16
PID 2248 wrote to memory of 2192	2248	07309db619f1e83a147640ea0956b0de.exe	16
PID 2248 wrote to memory of 2408	2248	07309db619f1e83a147640ea0956b0de.exe	15
PID 2248 wrote to memory of 2408	2248	07309db619f1e83a147640ea0956b0de.exe	15
PID 2248 wrote to memory of 2408	2248	07309db619f1e83a147640ea0956b0de.exe	15
PID 2248 wrote to memory of 2408	2248	07309db619f1e83a147640ea0956b0de.exe	15

C:\Users\Admin\AppData\Local\Temp\07309db619f1e83a147640ea0956b0de.exe
"C:\Users\Admin\AppData\Local\Temp\07309db619f1e83a147640ea0956b0de.exe"
1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Users\Admin\AppData\Local\Temp\2.exe
  "C:\Users\Admin\AppData\Local\Temp\2.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2408
- C:\Users\Admin\AppData\Local\Temp\000.exe
  "C:\Users\Admin\AppData\Local\Temp\000.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  PID:2192

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\000.exe

Filesize
92KB

MD5
67ece8f1fc4274e1e85c18feeabaefff

SHA1
53e437cf718d7e7ac46da61889e56914439f312e

SHA256
21890eed6d623169e67ffb23cccdf55301b77994ab4d13a398ab57e49ed733f3

SHA512
35f2219bca5dccb42687ffb533b92ebd95fcb04b687520df765c21cdbfe61112a6bd3ca78c5be7f3507227052d83bb01a21596ff02de82fe2023a31a0f62a7ef

Download Submit
\Users\Admin\AppData\Local\Temp\000.exe

Filesize
400KB

MD5
a5bca0f04d56400f1b6e05b58bd673fa

SHA1
46385ece1ee86d8b820ea928d7609169dee3554d

SHA256
e51adb267ebda4cdb83cb51caa86be89c48e068df972d288a9e581028d7d3fd6

SHA512
9acdd8d3e4b5e1c68e21208ec2e2a577f66cfff5583094846911880b1acba19f40996dd094ea683dc553dd9ff6f44a78ca1de2f33e72af7ae3e68303b2c92a7c

Download Submit
memory/2192-21-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/2248-18-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2408-22-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download