f00061277e4c119968ef4d7dc0eb6c10bf3d8d7d77a59e4aeece74fd786c3e37

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:35

Target

12488613ff6dd627a69fca8e8664336e.exe
Size

148KB
MD5

12488613ff6dd627a69fca8e8664336e
SHA1

e28c6aa18fd4c521f49861f0daebffcfe7e24809
SHA256

f00061277e4c119968ef4d7dc0eb6c10bf3d8d7d77a59e4aeece74fd786c3e37
SHA512

49c10620fa0e6c330c8043bfebfcce220f1d2b9dc58b83e17a2530c748010a70d367a75f01966352ae207fa83bebec596ac56abd767c57a2fba10f5c4710f1dd
SSDEEP

768:X8ATV/MFMDEEx1PAy4jyn5jAI8dbFbshQRbYFKvcwhnbrEJOwOU/Huz8aE:Xfl6MoEvw+nFARAhmsidhbrEJ/OzO

Score

7^/10

upx

Deletes itself 1 IoCs

pid	Process
2284	cmd.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

resource	yara_rule
behavioral1/memory/2204-2-0x0000000000400000-0x0000000000477000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2204	12488613ff6dd627a69fca8e8664336e.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 2284	2204	12488613ff6dd627a69fca8e8664336e.exe	28
PID 2204 wrote to memory of 2284	2204	12488613ff6dd627a69fca8e8664336e.exe	28
PID 2204 wrote to memory of 2284	2204	12488613ff6dd627a69fca8e8664336e.exe	28
PID 2204 wrote to memory of 2284	2204	12488613ff6dd627a69fca8e8664336e.exe	28

C:\Users\Admin\AppData\Local\Temp\12488613ff6dd627a69fca8e8664336e.exe
"C:\Users\Admin\AppData\Local\Temp\12488613ff6dd627a69fca8e8664336e.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\a..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2284

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\a..bat

Filesize
210B

MD5
8714d3ba5a17bcddc178e737f387d649

SHA1
54a19056bdb7009ff166e9ae8d90eb569e1edc62

SHA256
a908a3a96ffe2717ba16a1f658f81c248f179d9d0851a41b6b412f872d488450

SHA512
fd9ea94f25037354e43277dce657fb1989f13ac258f00e5bf7c2ed3301e77a231445c8da0af93c020332c08522f536329d680891b029c3d9b13d0a76a40b7678

Download Submit
memory/2204-0-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download
memory/2204-2-0x0000000000400000-0x0000000000477000-memory.dmp

Filesize
476KB

Download