1b8338daf5d4dd1dda06dae1d99d7f980d858de93b04bcc72d0e0be4de79e67d

Analysis

max time kernel
151s
max time network
156s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

076ba5b6bc3432367d461e9afff74773.exe
Size

30KB
MD5

076ba5b6bc3432367d461e9afff74773
SHA1

0d842cb2b7635344fce7a0f1871b4db62a280bfa
SHA256

1b8338daf5d4dd1dda06dae1d99d7f980d858de93b04bcc72d0e0be4de79e67d
SHA512

d23fd781683f4a221dde3993abb381fd7505aeebd88dfcabc1403327ec9f7d5564f6001b69f93d588e16726e60dca6dce28f248687f38ba407c5ceb9dd943a62
SSDEEP

768:AzCzDHjqcg3fwgpYK/k59zck/fDBmaXjW+D9191G:fM3fiXjWq9vw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2660	plote.exe

Loads dropped DLL 1 IoCs

pid	Process
3024	076ba5b6bc3432367d461e9afff74773.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
3024	076ba5b6bc3432367d461e9afff74773.exe
2660	plote.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3024 wrote to memory of 2660	3024	076ba5b6bc3432367d461e9afff74773.exe	28
PID 3024 wrote to memory of 2660	3024	076ba5b6bc3432367d461e9afff74773.exe	28
PID 3024 wrote to memory of 2660	3024	076ba5b6bc3432367d461e9afff74773.exe	28
PID 3024 wrote to memory of 2660	3024	076ba5b6bc3432367d461e9afff74773.exe	28

C:\Users\Admin\AppData\Local\Temp\076ba5b6bc3432367d461e9afff74773.exe
"C:\Users\Admin\AppData\Local\Temp\076ba5b6bc3432367d461e9afff74773.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:3024
- C:\Users\Admin\AppData\Local\Temp\plote.exe
  "C:\Users\Admin\AppData\Local\Temp\plote.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2660

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\plote.exe

Filesize
30KB

MD5
bf2e3c0db6ad6d598a0ac38b49e960df

SHA1
e78e6e163fe2d4937247d0ee93c3818936b0ded8

SHA256
a19e2293f328ecf0ef5936e7a8d708f753fc1c4e5099213091a8528ec860b320

SHA512
fee641af5c8dbd3cc379509aae827ca54fee29df53e86604c14cd7fe00510de52619387cf17abfcda1a7148aedcffd3a71f553e108c75466b6cf7530a890fd01

Download Submit
memory/2660-16-0x0000000000260000-0x0000000000266000-memory.dmp

Filesize
24KB

Download
memory/3024-0-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download
memory/3024-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/3024-8-0x00000000002A0000-0x00000000002A6000-memory.dmp

Filesize
24KB

Download