95787e34f1bbaf3942c8af22805ce57ba2aa43e8964f630606219844fa56847e

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

11e5796bb3701b17358fd60128b707c5.exe
Size

144KB
MD5

11e5796bb3701b17358fd60128b707c5
SHA1

67f52e1482fe2267b59762a70090237fe764f463
SHA256

95787e34f1bbaf3942c8af22805ce57ba2aa43e8964f630606219844fa56847e
SHA512

dec7defc75dbb402e2349951ab3555eb40ff4484a07cd32fd191e39cd3867f0b3ea20c4449c69b1c5b07ace19c014dc9f28cf7706f69658a55541d5b37122186
SSDEEP

3072:V7GeKlH/SvQ0tRpSFsOTHHrdT+cT3B0DBpq7qZ2o2LlmSbReH:Vvs/6HMZHkDBZZ2bLlm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2992	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2356 wrote to memory of 2992	2356	11e5796bb3701b17358fd60128b707c5.exe	27
PID 2356 wrote to memory of 2992	2356	11e5796bb3701b17358fd60128b707c5.exe	27
PID 2356 wrote to memory of 2992	2356	11e5796bb3701b17358fd60128b707c5.exe	27
PID 2356 wrote to memory of 2992	2356	11e5796bb3701b17358fd60128b707c5.exe	27

C:\Users\Admin\AppData\Local\Temp\11e5796bb3701b17358fd60128b707c5.exe
"C:\Users\Admin\AppData\Local\Temp\11e5796bb3701b17358fd60128b707c5.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2356
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ddz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ddz..bat

Filesize
210B

MD5
514d60e0de26ece51d94e005c17556cf

SHA1
d8ee5b3465d479a96b06ca97550952214c8dfc92

SHA256
0331ba7b54dc6dac4431c8ad35eb2ab1992b8db55266d5a59240efb446bb76f4

SHA512
94076698b45c51cd1fca26cb8b5f3fd89a483032d33ffc0584fb0098b9a6b2e6dc4194bd09f163e4fa813eddc03d3c65982d98a3b9a859957ae8963091d2dddc

Download Submit
memory/2356-0-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2356-1-0x0000000000220000-0x000000000024F000-memory.dmp

Filesize
188KB

Download
memory/2356-2-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2356-4-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download