16b033e138f0cd09157f7ff1ec87adcfeb6a1e30ca85d65109439af51d048453

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1fbf1ece3181e9b059777bfd339ceee0.exe
Size

271KB
MD5

1fbf1ece3181e9b059777bfd339ceee0
SHA1

45093d4c0b13d39bf79519580b4bf276bb8968b7
SHA256

16b033e138f0cd09157f7ff1ec87adcfeb6a1e30ca85d65109439af51d048453
SHA512

43c2c788a9820ce999e83ee22d752a3c576ace71e97403b568552dcee01cc8692fa6b2a5a5532b1a8f1478be08c83580b47b1f9e19adeef898a2588420351008
SSDEEP

6144:WZuuObR8sVImcyYcJqpiHSIEPuUKR8ZoxUFJhkQ2Khhtd9QK:dV+mzDqpi//UO82xUFIQL79QK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2380	server.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2980 wrote to memory of 2380	2980	1fbf1ece3181e9b059777bfd339ceee0.exe	29
PID 2980 wrote to memory of 2380	2980	1fbf1ece3181e9b059777bfd339ceee0.exe	29
PID 2980 wrote to memory of 2380	2980	1fbf1ece3181e9b059777bfd339ceee0.exe	29
PID 2980 wrote to memory of 2380	2980	1fbf1ece3181e9b059777bfd339ceee0.exe	29
PID 2380 wrote to memory of 2208	2380	server.exe	28
PID 2380 wrote to memory of 2208	2380	server.exe	28
PID 2380 wrote to memory of 2208	2380	server.exe	28

C:\Users\Admin\AppData\Local\Temp\1fbf1ece3181e9b059777bfd339ceee0.exe
"C:\Users\Admin\AppData\Local\Temp\1fbf1ece3181e9b059777bfd339ceee0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2980
- C:\server.exe
  "C:\server.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2380

C:\server.exe
C:\server.exe
1⤵
PID:2208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2380-8-0x0000000000B90000-0x0000000000C10000-memory.dmp

Filesize
512KB

Download
memory/2380-9-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/2380-7-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/2380-10-0x0000000000B90000-0x0000000000C10000-memory.dmp

Filesize
512KB

Download
memory/2380-11-0x000007FEF6010000-0x000007FEF69AD000-memory.dmp

Filesize
9.6MB

Download
memory/2980-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download