03962f604cf083228339974854c73d1748b9e4dfc1619ad054af4d0e97b73261

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 15:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

111d81a99425075a339699d623e30f30.exe
Size

143KB
MD5

111d81a99425075a339699d623e30f30
SHA1

99166c7ca89590cf796b4a5978ee6b59b42191d4
SHA256

03962f604cf083228339974854c73d1748b9e4dfc1619ad054af4d0e97b73261
SHA512

60b38592d705a2b252eddec6c00860cc9365fe78ad4a76816081372a6699fce3f271dedc20a57120ff512c2fbfbc84c43621cdf01333c1a7ae76ae93c5d6ef7a
SSDEEP

3072:u3+zoLcd8PwJmxgWw/l3s43P98RHlP/spL+fRYLmgGTULpyXevlmSbReH:u4oA8zqP/l3s4/98fPEpVmBT2uwlm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1976	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 1976	2964	111d81a99425075a339699d623e30f30.exe	28
PID 2964 wrote to memory of 1976	2964	111d81a99425075a339699d623e30f30.exe	28
PID 2964 wrote to memory of 1976	2964	111d81a99425075a339699d623e30f30.exe	28
PID 2964 wrote to memory of 1976	2964	111d81a99425075a339699d623e30f30.exe	28

C:\Users\Admin\AppData\Local\Temp\111d81a99425075a339699d623e30f30.exe
"C:\Users\Admin\AppData\Local\Temp\111d81a99425075a339699d623e30f30.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Nvf..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:1976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Nvf..bat

Filesize
210B

MD5
598006b508101c71ec8ab52387d63ad9

SHA1
4f847afb67b301a902016dd798b31e2c5a8a2f41

SHA256
cf18a51a442dd0fb35e2e55f2a72dc37dd5742948fb44d2cb89138a54cf4a932

SHA512
cbfc3f0422b94dba7a24b1a0de0ff9539e3bdb4b43051ef06a670e45012f394c7435f4c4549f1a58cd78736729ae657318dde5f406fb9468ac4d80294794512e

Download Submit
memory/2964-0-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2964-1-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2964-2-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2964-4-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download