06aef60871153b731f4ed99aa1cf638e022da25cd62cd4d121a3e9799c5fbeb4

Analysis

max time kernel
8s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 08:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

13bdc0c585544fbe18ff4edd7d4af294.exe
Size

593KB
MD5

13bdc0c585544fbe18ff4edd7d4af294
SHA1

a8bf5125de8bc439490755332703e67a8742a193
SHA256

06aef60871153b731f4ed99aa1cf638e022da25cd62cd4d121a3e9799c5fbeb4
SHA512

413349dc6e8a3cdd9bac8d9175a98c45c659eab6088c14569bff80bd4ec972ecbbfcc289f5286ced88a1d43799e0cc64b5975d17555f1a43cb92ce13b1e29f89
SSDEEP

12288:lwMDD4z8x0bDiuWkPDBfOkAXlgmpQ5K/dQlnrH2DDm:ltghsSD5o1r68/dQlD4Dm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2896	DownloadManager.exe

Loads dropped DLL 8 IoCs

pid	Process
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe
2168	13bdc0c585544fbe18ff4edd7d4af294.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2896	2168	13bdc0c585544fbe18ff4edd7d4af294.exe	28
PID 2168 wrote to memory of 2896	2168	13bdc0c585544fbe18ff4edd7d4af294.exe	28
PID 2168 wrote to memory of 2896	2168	13bdc0c585544fbe18ff4edd7d4af294.exe	28
PID 2168 wrote to memory of 2896	2168	13bdc0c585544fbe18ff4edd7d4af294.exe	28

C:\Users\Admin\AppData\Local\Temp\13bdc0c585544fbe18ff4edd7d4af294.exe
"C:\Users\Admin\AppData\Local\Temp\13bdc0c585544fbe18ff4edd7d4af294.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\DM_LOzoPHi1aY\DownloadManager.exe
  DownloadManager.exe "C:\Users\Admin\AppData\Local\Temp\13bdc0c585544fbe18ff4edd7d4af294.exe"
  2⤵
  - Executes dropped EXE
  PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Cab92EF.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM_LOzoPHi1aY\DownloadManager.exe

Filesize
280KB

MD5
5a11494d92b16eec193cc8e458f00048

SHA1
d289a4d4f5ec6bc650e905f62e569371178c2e72

SHA256
9d90ce36e00aa0e35a711166b337a209c250870b2525043e49431cf60fbfbade

SHA512
f13e39a2d7bb2560fb44236571c106ab5077ca7e9ca7ecad8b7c149e16bdbe9120c1b01191ea5e4eb4d5e7ac5e7b6649a739fcebd9bb1f022a6778ae5637084a

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM_LOzoPHi1aY\DownloadManager.exe

Filesize
247KB

MD5
2715897afe4edd43f765348b7ceb0595

SHA1
2a89a7627d5d78b63a88a1fcd748790f1c6ea371

SHA256
731e983ea9d6c3dd23330d6f8ea28c62e31769cdac194caf0a6c3047f7529c2e

SHA512
f74770948020f4ee910a79abf53beabe5e174afc497d0936f6d9a43caac18df1216ccdb6c6068cf6fddb11af7836a9309204513c1a74a0eef8b0bd9935d8bdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarA0E6.tmp

Filesize
165KB

MD5
06a2a4422078d1d09039e5c3cdd0845b

SHA1
46baf1837e31e5e0d31ef9071807c651d44e26f8

SHA256
788e2459d1f54e572d515233d884a5a360c4434a168b553031d22d711cc8d4d1

SHA512
92d637fbde89ec037c67a99b628f05dcab657870d51eecbf4a0a2a7797679092ef5fe1c272a307a50c6d5f6d4b6eae423391635c237e139dddcea34be90f84cf

Download Submit
\Users\Admin\AppData\Local\Temp\DM_LOzoPHi1aY\DownloadManager.exe

Filesize
267KB

MD5
aec92061e1af6c5b1fe058dbad480e90

SHA1
7e72946663d3a8ae20468e98d98ec18568343da9

SHA256
fd6f9ab61fc6b8761f78dff9f445a27c055ec7c5ad5e8a08b797d2cb922d5c5e

SHA512
b0f6ed1b8b08b21191f7d547deebfdddc6a7ab01ecdef032116a4f12fe52424bd0c48aeced5a50ba7b142327274612eb1f5b886fa8ff5952e81fddb255305554

Download Submit
\Users\Admin\AppData\Local\Temp\DM_LOzoPHi1aY\DownloadManager.exe

Filesize
235KB

MD5
317586551f09ea118269ddb7209a5d80

SHA1
7ead71d39c28551d571a9e28362caf58d55b2722

SHA256
bf0e4307864f2f98329f4e853cb595da84ae96dedd8c6812f6d175656a13c98a

SHA512
c48bb3cef0b01098a2e7b74dd2ba61d3032a11461b611e78dd9cd8da0f727981208d609c29e1a80d0aea4009c362872e0cf8fbc3780e6fcb756b3bd265359b50

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8D04.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8D04.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8D04.tmp\inetc.dll

Filesize
20KB

MD5
c498ae64b4971132bba676873978de1e

SHA1
92e4009cd776b6c8616d8bffade7668ef3cb3c27

SHA256
5552bdde7e4113393f683ef501e4cc84dccc071bdc51391ea7fa3e7c1d49e4e8

SHA512
8e5ca35493f749a39ceae6796d2658ba10f7d8d9ceca45bb4365b338fabd1dfa9b9f92e33f50c91b0273e66adfbce4b98b09c15fd2473f8b214ed797462333d7

Download Submit
\Users\Admin\AppData\Local\Temp\nsd8D04.tmp\pwgen.dll

Filesize
16KB

MD5
a555472395178ac8c733d90928e05017

SHA1
f44b192d66473f01a6540aaec4b6c9ac4c611d35

SHA256
82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

SHA512
e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

Download Submit
memory/2896-75-0x0000000002300000-0x0000000002318000-memory.dmp

Filesize
96KB

Download
memory/2896-82-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2896-39-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2896-76-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-77-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-78-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-79-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-80-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-81-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-40-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-83-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-85-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-84-0x000007FEF6090000-0x000007FEF6A2D000-memory.dmp

Filesize
9.6MB

Download
memory/2896-86-0x0000000021210000-0x00000000219B6000-memory.dmp

Filesize
7.6MB

Download
memory/2896-91-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-92-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download
memory/2896-93-0x00000000008D0000-0x0000000000950000-memory.dmp

Filesize
512KB

Download