Analysis
-
max time kernel
140s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
30/12/2023, 02:05
General
-
Target
0b109f79825948a8db84e420f6ee05d6.exe
-
Size
938KB
-
MD5
0b109f79825948a8db84e420f6ee05d6
-
SHA1
ceb3d1ce4626cf49b71028f321ad8c2aa98d9650
-
SHA256
e87211d098d42b83b2888353034ffda4d9fcd817dcc401aeca2e733fec2ad671
-
SHA512
1bfdaf6e3bc4748be9494fe5ffeb38d93f482f9602d04ed9ee30d07488a066b7e5c103a37e7c9c287e1a657b6f6d8925549f02666619d0b8dba790ea6adfb459
-
SSDEEP
24576:OpSS+iYBuAYarjPqRnFSuJKj7zbSHw/cDKgM3T+Bzty:OpSS+buAYGjPqRnFJubSHw/eKgST+BzY
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\0b109f79825948a8db84e420f6ee05d6.exe"C:\Users\Admin\AppData\Local\Temp\0b109f79825948a8db84e420f6ee05d6.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\INS1130.tmpC:\Users\Admin\AppData\Local\Temp\INS1130.tmp /SL3 $50150 C:\Users\Admin\AppData\Local\Temp\0b109f79825948a8db84e420f6ee05d6.exe 883717 887710 655362⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
96KB
-
Filesize
536KB