78e231bbbe0d2c02b17b93f4a9784b8963ecc5d8a1799d5b6f3a46914688b131

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 10:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

15c2723612ac1b5a0c8ed6f145240cf0.exe
Size

148KB
MD5

15c2723612ac1b5a0c8ed6f145240cf0
SHA1

33041a0bd85a2ac89b5846be4e7ff32aab780c37
SHA256

78e231bbbe0d2c02b17b93f4a9784b8963ecc5d8a1799d5b6f3a46914688b131
SHA512

f6fa28b206708717130ae6e446b2629ded8fe376ce338d0beccba2114c75786274aa66fdf698d9d86e86d518abfd69cb53c90326ee50254c578acd176ea9426d
SSDEEP

3072:KgXdZt9P6D3XJY45mvftY1XG7KY0D/8DbbGsafbAX1sa++JIpNVd/C290bJ:Ke34SnvfyG7H0TY3GXEXSaspNVc5N

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 8 IoCs

pid	Process
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe
4856	15c2723612ac1b5a0c8ed6f145240cf0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 1108	4856	15c2723612ac1b5a0c8ed6f145240cf0.exe	91
PID 4856 wrote to memory of 1108	4856	15c2723612ac1b5a0c8ed6f145240cf0.exe	91
PID 4856 wrote to memory of 1108	4856	15c2723612ac1b5a0c8ed6f145240cf0.exe	91

C:\Users\Admin\AppData\Local\Temp\15c2723612ac1b5a0c8ed6f145240cf0.exe
"C:\Users\Admin\AppData\Local\Temp\15c2723612ac1b5a0c8ed6f145240cf0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c \DelUS.bat
  2⤵
  PID:1108

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\DelUS.bat

Filesize
200B

MD5
c6a438a88b86059e3f15d1614c9a412b

SHA1
0e545e75a4cf1d7fc1a821d14ca59c5e56e000fe

SHA256
dc11d460302aa7857539495dda0d46ff0e10ec9e23bf5bdfe7c47b32ae403193

SHA512
e906641967f1de6739543fdf795c6c621f179906ca6a7b21c074c7086235bc8c5f9ba590da99dd576acd92e365171a139e3b72044d6962fbe7a97cea6054b70b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6C28.tmp\Dialer.dll

Filesize
3KB

MD5
4e6686aece13707435cce60dcb2ab572

SHA1
9bc7bcffa81e19ad315cab0f261e2394b99aa8f4

SHA256
b8bdabefe8360a157f287bf2b672d8d9a0453224a6b377348aa6a98438fccaf2

SHA512
a1936a86e1fd28a0d44e3e2bab4e41d3ebc6322155d47cd64df9d4ec1b3a093872f74f9848d39c6062242ea4f5af69b32e99f06fd892279b2a1a3cc6c1586e3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6C28.tmp\Math.dll

Filesize
66KB

MD5
9eb6cecdd0df9fe32027fcdb51c625af

SHA1
52b5b054ff6e7325c3087822901ea2f2c4f9572a

SHA256
54cf1572ed47f614b0ffb886c99fc5725f454ef7ff919fbb2fd13d1cbe270560

SHA512
864742ec6f74f94057b54cd9b09707c0125ac8db4844fa80af201e8b72a811bb68276c993e75bce67e5ece4f83644572edbdee5e963634c5a37839615faea97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6C28.tmp\MicroCount.dll

Filesize
52KB

MD5
2b9ccb55357bcdf94cbedbf2d4484853

SHA1
bf7a22e0f54741de3b60e75d08e9f5e37b047c19

SHA256
152d4ee2e8a3522f642ac8b624c7e65c89538da1c1c2300532540274c93089b3

SHA512
168becc845e7c6eaaae24e9267ca6338285b07af1a520e116d275fa2a4f89ecff1c6fa22c3276ebc421be5f0fa957939bc51e70cacd3068d1bdc61cdf2fb217e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6C28.tmp\SelfDelete.dll

Filesize
24KB

MD5
ddc0d6806073a5b034104c88288ca762

SHA1
9663cc10c496f05d6167e19c3920245040e5e431

SHA256
2f4767da9dc7e720d910d32d451674cd08b7892ca753ec5c10b11fe85e12f06b

SHA512
545ca797a397cfcbd9b5d3bd2da2e3219ba7a294e541831655c5763a7f17480fd0b990d0c2e58ba8c71f81d85472b2da6d079b8211b44c40c8c36d21168ec054

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6C28.tmp\System.dll

Filesize
11KB

MD5
00a0194c20ee912257df53bfe258ee4a

SHA1
d7b4e319bc5119024690dc8230b9cc919b1b86b2

SHA256
dc4da2ccadb11099076926b02764b2b44ad8f97cd32337421a4cc21a3f5448f3

SHA512
3b38a2c17996c3b77ebf7b858a6c37415615e756792132878d8eddbd13cb06710b7da0e8b58104768f8e475fc93e8b44b3b1ab6f70ddf52edee111aaf5ef5667

Download Submit
memory/4856-15-0x00000000022E0000-0x00000000022FA000-memory.dmp

Filesize
104KB

Download
memory/4856-23-0x0000000002300000-0x000000000230E000-memory.dmp

Filesize
56KB

Download