42f1466e480f36b83f367e26010bdc1376f7fd09485849945401f51d5c21d8e9

Analysis

max time kernel
120s
max time network
132s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 20:10

Target

02a5c26481aa82d85f04ba6d97f53fe6.exe
Size

36KB
MD5

02a5c26481aa82d85f04ba6d97f53fe6
SHA1

ae950032edb089f7c73ddfdf13f23e24a04702dd
SHA256

42f1466e480f36b83f367e26010bdc1376f7fd09485849945401f51d5c21d8e9
SHA512

63623f3195d13aa51e153a375f81bbf7e92164fa902875e4fff6d9b8422fcff9c8c1e0d2c35d1429d5d0a69ff425a656953830d4221513488856737abefe9ee8
SSDEEP

384:R4n1dWgsWIcUAewcDdDUD4QvSeOSgk/UZRe4xDpGkaV3gTGPz5S6ihTuXo2dsGLN:K77V7LUZQEpTDxNflPZscjS55DHy0

Score

7^/10

Deletes itself 1 IoCs

pid	Process
2780	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2092	02a5c26481aa82d85f04ba6d97f53fe6.exe
2092	02a5c26481aa82d85f04ba6d97f53fe6.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2092	02a5c26481aa82d85f04ba6d97f53fe6.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 2780	2092	02a5c26481aa82d85f04ba6d97f53fe6.exe	28
PID 2092 wrote to memory of 2780	2092	02a5c26481aa82d85f04ba6d97f53fe6.exe	28
PID 2092 wrote to memory of 2780	2092	02a5c26481aa82d85f04ba6d97f53fe6.exe	28
PID 2092 wrote to memory of 2780	2092	02a5c26481aa82d85f04ba6d97f53fe6.exe	28

C:\Users\Admin\AppData\Local\Temp\02a5c26481aa82d85f04ba6d97f53fe6.exe
"C:\Users\Admin\AppData\Local\Temp\02a5c26481aa82d85f04ba6d97f53fe6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\6369.bat" "
  2⤵
  - Deletes itself
  PID:2780

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\6369.bat

Filesize
299B

MD5
41c7c4f5573e9eaf9a58a13e8dbd9f76

SHA1
8ebe25621c359768edd2d27c179720562e9e142c

SHA256
10ed90569c9b87800ac0cbdda63a51347ec1503e440e0cff2ab40b898d3d75bb

SHA512
5d93fd9a595c6628c705c41d74da721c382c7baca123211eb5029bf13032e9d0d67870397f943520e05d6755b9bca7074f36c995f7a57ed8c9d5f73c348993f6

Download Submit