Overview

overview

7

Static

static

3

16c1182bbf...13.exe

windows7-x64

7

16c1182bbf...13.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    118s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
  • submitted
    30-12-2023 11:06

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    16c1182bbf3efe14caa8452d67a6e313.exe

  • Size

    370KB

  • MD5

    16c1182bbf3efe14caa8452d67a6e313

  • SHA1

    6d5cc4018d63b374fc0b0000d9c5b622ae646a51

  • SHA256

    1ac7beaa0a06a5b69e1ccc706030ddd4d675248f5e54fa150849908e158e2111

  • SHA512

    f6796d9d1f0d317169256346216ebd107b537908e0af0890414d0d8e0aa6045790d310199e2cca631986aa6e6b14b63b8c523c8c257b483591a75c2d276b8e74

  • SSDEEP

    6144:YWMU84YndcRsn2g8VcYXFQx66iPEXBPkubylI2oF7g4boZxnGPaFYMl+:DOdOsnBUcMZpPqtkuG+dbaFpFYC+

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16c1182bbf3efe14caa8452d67a6e313.exe
    "C:\Users\Admin\AppData\Local\Temp\16c1182bbf3efe14caa8452d67a6e313.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2848
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\avp.bat" "
      2⤵
      • Deletes itself
      PID:3048
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c "C:\Users\Admin\AppData\Roaming\KaspAVP3.exe"
      2⤵
        PID:2904

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\avp.bat
      Filesize

      231B

      MD5

      56b590d4295a14a1fc4e39ff0db9ff08

      SHA1

      b2db1c194a33d4b41792e283c55861d25993beea

      SHA256

      dab4ceee28064b7e591acf0093c73ee0fadb7e06ac9609349beac51f5d800e83

      SHA512

      f62e1811f5d74b4ffa41e5f555881e16cd6f9392aee706479f4a0a0480df4083b3a5c76208e261da2efa55455f95b07e269f13c30d99e9963bdc1c45b00315ca

      Download Submit

    • memory/2848-0-0x0000000000220000-0x0000000000221000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2848-9-0x0000000000400000-0x0000000000463000-memory.dmp

      Filesize

      396KB

      Download