311cefa409a25b1541d5d0145996ea8eac3c54e6424414f4ecb39af61e6778b3

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 02:04

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0b0d044d2ce0b62938d920c99ec2ff77.exe
Size

3.7MB
MD5

0b0d044d2ce0b62938d920c99ec2ff77
SHA1

866978b45c331a4a702ce5cd80c3e6a9f2e50541
SHA256

311cefa409a25b1541d5d0145996ea8eac3c54e6424414f4ecb39af61e6778b3
SHA512

451bf108abaaf69c218aabd4746e6603b9e798a221afb693eefd70b805b9f3e3df8cad7bd20fdaf944a6c62f239194c88febef192ddfab167d349a7fe9fb4038
SSDEEP

98304:CKmNneiqmxrTurwNg1oXxCqU6y1vgIYs2E4lzXLz+PMGQQxf:8ePmNTIKgWBNVIYpE2n+UGQQ9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1524	0b0d044d2ce0b62938d920c99ec2ff77.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 1524	5108	0b0d044d2ce0b62938d920c99ec2ff77.exe	90
PID 5108 wrote to memory of 1524	5108	0b0d044d2ce0b62938d920c99ec2ff77.exe	90
PID 5108 wrote to memory of 1524	5108	0b0d044d2ce0b62938d920c99ec2ff77.exe	90

C:\Users\Admin\AppData\Local\Temp\0b0d044d2ce0b62938d920c99ec2ff77.exe
"C:\Users\Admin\AppData\Local\Temp\0b0d044d2ce0b62938d920c99ec2ff77.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Users\Admin\AppData\Local\Temp\is-57J59.tmp\0b0d044d2ce0b62938d920c99ec2ff77.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-57J59.tmp\0b0d044d2ce0b62938d920c99ec2ff77.tmp" /SL5="$901DC,3581878,54272,C:\Users\Admin\AppData\Local\Temp\0b0d044d2ce0b62938d920c99ec2ff77.exe"
  2⤵
  - Executes dropped EXE
  PID:1524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-57J59.tmp\0b0d044d2ce0b62938d920c99ec2ff77.tmp

Filesize
680KB

MD5
0fed0ac6b23dd0774476bf124ffaf9d4

SHA1
7b67a702d1ed31597fcb45b79e894f1303cb7b98

SHA256
fc516517a9796d1c45dd8c883feec1aa6952d7cf713eaec9ae6069265de35964

SHA512
2728923e238b5a7d3d7eb25855c1aa9c54e1db5bad3039cf4709371a25cc857e63611b8beba78c39965aedc852e4234b70b52d4e793d797ec57f979e9ab61a98

Download Submit
memory/1524-7-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1524-19-0x0000000000400000-0x00000000004BA000-memory.dmp

Filesize
744KB

Download
memory/1524-22-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/5108-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5108-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/5108-18-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download