9b93c34032e7e847b9c6c1d8e75c1413c00b723130afc12f2cdd7d8352969a55

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 07:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

12aac248ee73c726c953fe4c37f97779.exe
Size

110KB
MD5

12aac248ee73c726c953fe4c37f97779
SHA1

41486bf80718a3ccea98e115540c7d895825feff
SHA256

9b93c34032e7e847b9c6c1d8e75c1413c00b723130afc12f2cdd7d8352969a55
SHA512

187b47f8af4cd31dc12032bea3984c99c5ce01ed5bd78c91c59a21206fd9fd6ad3d58cff839237716ac1b7ceff13636a6ad8fffa27c17060ac2015e40325cadd
SSDEEP

1536:h0LFGxfLR3JaTNjDTJIBTtL9qfEovoWODtaqPhNm1ekqan2DMI:hMGh1Ja1q3L9qfHIDbJNvV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2976	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2976	3044	12aac248ee73c726c953fe4c37f97779.exe	28
PID 3044 wrote to memory of 2976	3044	12aac248ee73c726c953fe4c37f97779.exe	28
PID 3044 wrote to memory of 2976	3044	12aac248ee73c726c953fe4c37f97779.exe	28
PID 3044 wrote to memory of 2976	3044	12aac248ee73c726c953fe4c37f97779.exe	28

C:\Users\Admin\AppData\Local\Temp\12aac248ee73c726c953fe4c37f97779.exe
"C:\Users\Admin\AppData\Local\Temp\12aac248ee73c726c953fe4c37f97779.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Spp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Spp..bat

Filesize
210B

MD5
afcbf9fb57db7567d4a8b641b93ab86f

SHA1
f189d3d21968f34aa13198b53143e7de42d49209

SHA256
66bebe61bd65b8d8a14da8825110cc81cda68ef69ee4a38b62b82e52a06f6fa5

SHA512
39a8a441b0c252beb8f9af311b97aea798fca133462ffbb0f19fbca475d0a7f8d5e4e05b41be13606a1f9d27f7cac86a1c37c80e4024d2c3af70c881a9e3c40c

Download Submit
memory/3044-0-0x0000000000130000-0x0000000000147000-memory.dmp

Filesize
92KB

Download
memory/3044-1-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download
memory/3044-3-0x0000000000400000-0x000000000041E000-memory.dmp

Filesize
120KB

Download