6174e94a9735f112dfdd88ed24e8aa09ca5b5afd8cf0b84b07884191fe823236

Analysis

max time kernel
117s
max time network
149s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 05:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10235903bb705151373c5c44da6da81a.exe
Size

93KB
MD5

10235903bb705151373c5c44da6da81a
SHA1

3412406d4140d47e5e280d3546af872a30821900
SHA256

6174e94a9735f112dfdd88ed24e8aa09ca5b5afd8cf0b84b07884191fe823236
SHA512

906276566dc29e9970f395402235b4c686962191cf77795cbcee83801e50ee26834cdc40d977200b7a8fd3ff5d667123f4627bd37f8b6ff2fb7b369e6e091785
SSDEEP

1536:1yQT05QG70AQz6CwvonnZfr0od8yQoAX2D357dGweFrBNo8DirUrlFIy:fZD0o3A2lZirztrlFIy

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2336	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2336	2204	10235903bb705151373c5c44da6da81a.exe	28
PID 2204 wrote to memory of 2336	2204	10235903bb705151373c5c44da6da81a.exe	28
PID 2204 wrote to memory of 2336	2204	10235903bb705151373c5c44da6da81a.exe	28
PID 2204 wrote to memory of 2336	2204	10235903bb705151373c5c44da6da81a.exe	28

C:\Users\Admin\AppData\Local\Temp\10235903bb705151373c5c44da6da81a.exe
"C:\Users\Admin\AppData\Local\Temp\10235903bb705151373c5c44da6da81a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ajz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ajz..bat

Filesize
210B

MD5
037060fafe4b601aaa419de740bb6e5b

SHA1
075f4e4337de56e241103110375fda1e2beb8caa

SHA256
2e43306dc4e3cbeb26d6dafc7634b8bd930d6dfba5e0199007ee1483748daebf

SHA512
8b86936c429fcc97d82c352f6485602cdd015f6d31fe23d1c89796ca0289506bea1fab888ee01de2b5df0f0f384916e1c031035ece2264445236eeac4e3acd06

Download Submit
memory/2204-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2204-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2204-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download