dc58aca90e7884d0ad732ea91a33824a37361b8a6ba339d9efa2e9ff2dade94b

Analysis

max time kernel
1s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 13:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1a7726867c9d2217785fab6bd7799272.exe
Size

403KB
MD5

1a7726867c9d2217785fab6bd7799272
SHA1

64f8253f295f88fa1fe8d8556c5254cda953450c
SHA256

dc58aca90e7884d0ad732ea91a33824a37361b8a6ba339d9efa2e9ff2dade94b
SHA512

f61b4996423128d7401cce42de3c2968c6611eb722e9235448e7acc0e5a34854fca80eb82080de40cfc9107a4b04c5180aaa2e1012f30ae5f484db62cc8d8b9c
SSDEEP

3072:nniGpcwxIdrijNVKUhmHA3uc4RHlQlEGzOIOK8UzyPaXKu:nnnpcwyojNA3Hs4FHGzOIcUzyPwKu

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
2612	taskkill.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
3484	PING.EXE

C:\Users\Admin\AppData\Local\Temp\1a7726867c9d2217785fab6bd7799272.exe
"C:\Users\Admin\AppData\Local\Temp\1a7726867c9d2217785fab6bd7799272.exe"
1⤵
PID:3980
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c taskkill /f /pid 3980 & ping -n 3 127.1 & del /f /q "C:\Users\Admin\AppData\Local\Temp\1a7726867c9d2217785fab6bd7799272.exe" & start C:\Users\Admin\AppData\Local\AWTEYT~1.EXE -f
  2⤵
  PID:4720
- - C:\Users\Admin\AppData\Local\awteytazh.exe
    C:\Users\Admin\AppData\Local\AWTEYT~1.EXE -f
    3⤵
    PID:2000

C:\Windows\SysWOW64\taskkill.exe
taskkill /f /pid 3980
1⤵
- Kills process with taskkill
PID:2612

C:\Windows\SysWOW64\PING.EXE
ping -n 3 127.1
1⤵
- Runs ping.exe
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2000-11-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-15-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-28-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-9-0x0000000002860000-0x000000000296D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-7-0x0000000000540000-0x0000000000542000-memory.dmp

Filesize
8KB

Download
memory/2000-26-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-13-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-24-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-17-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-19-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/2000-21-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/3980-3-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/3980-0-0x0000000001000000-0x000000000110D000-memory.dmp

Filesize
1.1MB

Download
memory/3980-1-0x00000000005A0000-0x00000000005A2000-memory.dmp

Filesize
8KB

Download