24817284c1d9287ff4268e087f653060dd00a6dc30518d69867d0f9f052bfe4e

Analysis

max time kernel
118s
max time network
146s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 04:53

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0f24e9422466a1ae11a664e0bb3e7b03.exe
Size

270KB
MD5

0f24e9422466a1ae11a664e0bb3e7b03
SHA1

b6f88471f8a71a01edba79723a42e4ca35e721ed
SHA256

24817284c1d9287ff4268e087f653060dd00a6dc30518d69867d0f9f052bfe4e
SHA512

cd2012312b558f309dd5806bd79576116e938a187b32023372c6223e0cb61f4b42c689395949570cfd79ab35ae00c7dac3ef9143c731e85a2db341b7bee84e8c
SSDEEP

6144:SsconR6l+OSKOtom4fEGEsQB6izc1BfCdNpnmbzzLZh9oN:uo0lV+oDfEhBlkULnSzXZg

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
820	0f24e9422466a1ae11a664e0bb3e7b03.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe
820	0f24e9422466a1ae11a664e0bb3e7b03.exe

C:\Users\Admin\AppData\Local\Temp\0f24e9422466a1ae11a664e0bb3e7b03.exe
"C:\Users\Admin\AppData\Local\Temp\0f24e9422466a1ae11a664e0bb3e7b03.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mm_596A.tmp\log.txt

Filesize
490B

MD5
62ab18d2f3849ce66b7ce5cfc0d38c55

SHA1
9065ccefc84fcad8f51a8b0215941d74dfeb47be

SHA256
83c640f646367727a3724f2f0edd545b8558747fdda8bcd16d410e423e91c7a0

SHA512
185a7f4fbc40344674faff8202aa9e88cab75cf0450b80ab796f9676926f0034a800ca828e2f5e4424479f22e12850dd17fb8d4cf1aaab1fda406dedace64796

Download Submit
C:\Users\Admin\AppData\Local\Temp\mm_596A.tmp\log.txt

Filesize
1KB

MD5
84c6d3a5e4ecd177112677391223ff49

SHA1
bc628311967200ca86b9a88a1b69137bbfa54f8d

SHA256
8085a319532c286c68194afae46f0f2fa383a82c4a59da262ba5bf116698946b

SHA512
2ffa070cab30be64ba0826448191c65b9e590046789ce7c6316bad13948734c1c7996ab1a983d04222e62f8499af51c98b99908c98282747564688b04f72b32f

Download Submit
\Users\Admin\AppData\Local\Temp\nsj5801.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
memory/820-51-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-29-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-48-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-26-0x000000007EF80000-0x000000007EF81000-memory.dmp

Filesize
4KB

Download
memory/820-53-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-9-0x000000007EFA0000-0x000000007EFA1000-memory.dmp

Filesize
4KB

Download
memory/820-61-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-54-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-81-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download
memory/820-82-0x0000000020500000-0x0000000020587000-memory.dmp

Filesize
540KB

Download