1526999857c6867c89c17c71d4102d3e2a51ae1b5431429a6506937a94731df3

Analysis

max time kernel
120s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 18:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

008c09862d6c91771192748d87f1234f.exe
Size

367KB
MD5

008c09862d6c91771192748d87f1234f
SHA1

0a27abef85ed2fa8da88201a535321ad0019b085
SHA256

1526999857c6867c89c17c71d4102d3e2a51ae1b5431429a6506937a94731df3
SHA512

005e85fd002a55780ef84957547a83cb3fd2f0644b0c49d59d22c120a18d0b688d22415e915fa9fd1b0b8a3fec3f964458d1557cd13896f6e40da6aa1e97874c
SSDEEP

6144:3AC7khfwz7fnVISwpD484Y9Y2h1IJggp03zyu3niGzamzYgpIUOaBf9MPfc7i/L:wC7khfwz7fnVeMDeO+Ai+5L

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\008c09862d6c91771192748d87f1234f.lnk	008c09862d6c91771192748d87f1234f.exe

Loads dropped DLL 1 IoCs

pid	Process
2548	008c09862d6c91771192748d87f1234f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\008c09862d6c91771192748d87f1234f.exe
"C:\Users\Admin\AppData\Local\Temp\008c09862d6c91771192748d87f1234f.exe"
1⤵
- Drops startup file
- Loads dropped DLL
PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\ProgramData\{d1f975e4-e1e7-8d34-d1f9-975e4e1ed793}\008c09862d6c91771192748d87f1234f.exe

Filesize
98KB

MD5
f8d0c226cf4aba8cf6372f4656225a12

SHA1
1d648a63f19031c254deaf78845d482085031ef8

SHA256
307c56a108f05615425753bf1f9c41b4f20d502c2de9a38fd5a8b83abf35439a

SHA512
68ea7ff697a8fdc38d164a632d1d45882a0b3be2b017a5d034c1f5b65043f69f0bd6666351e7a006a6878f0dd822204abb9a5afbe57b553f0427b04237b23ad7

Download Submit
memory/2548-26-0x0000000000B60000-0x0000000000B61000-memory.dmp

Filesize
4KB

Download
memory/2548-18-0x0000000000AB0000-0x0000000000AB1000-memory.dmp

Filesize
4KB

Download
memory/2548-5-0x0000000000B10000-0x0000000000B3C000-memory.dmp

Filesize
176KB

Download
memory/2548-7-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/2548-9-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/2548-34-0x0000000000BC0000-0x0000000000BC1000-memory.dmp

Filesize
4KB

Download
memory/2548-1-0x0000000000030000-0x0000000000032000-memory.dmp

Filesize
8KB

Download
memory/2548-33-0x0000000000B70000-0x0000000000B71000-memory.dmp

Filesize
4KB

Download
memory/2548-32-0x00000000008B0000-0x00000000008B1000-memory.dmp

Filesize
4KB

Download
memory/2548-31-0x00000000000B0000-0x00000000000B1000-memory.dmp

Filesize
4KB

Download
memory/2548-30-0x0000000000B90000-0x0000000000B91000-memory.dmp

Filesize
4KB

Download
memory/2548-28-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/2548-27-0x0000000000B50000-0x0000000000B51000-memory.dmp

Filesize
4KB

Download
memory/2548-0-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2548-3-0x00000000000C0000-0x00000000000C1000-memory.dmp

Filesize
4KB

Download
memory/2548-21-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/2548-25-0x0000000000B40000-0x0000000000B41000-memory.dmp

Filesize
4KB

Download
memory/2548-20-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/2548-19-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/2548-23-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/2548-17-0x0000000000AC0000-0x0000000000AC1000-memory.dmp

Filesize
4KB

Download
memory/2548-16-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/2548-15-0x00000000005A0000-0x00000000005A2000-memory.dmp

Filesize
8KB

Download
memory/2548-14-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/2548-13-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/2548-12-0x0000000000A70000-0x0000000000A71000-memory.dmp

Filesize
4KB

Download
memory/2548-11-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/2548-4-0x00000000004F0000-0x00000000004F1000-memory.dmp

Filesize
4KB

Download
memory/2548-2-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download