cb87a19bf9a8a5f240a702972d9a0c7bd4d7af3daa96a2b4c1c00adf7113b081

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 13:47

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1a808ab3bf78a30e86f7d62390659f14.exe
Size

199KB
MD5

1a808ab3bf78a30e86f7d62390659f14
SHA1

88c57589dbe5f68d3aa250359d89ccdd4bb56e94
SHA256

cb87a19bf9a8a5f240a702972d9a0c7bd4d7af3daa96a2b4c1c00adf7113b081
SHA512

837d889d943ebe1ee6924854fa8bc63af6551e1450353a0db762b5e95f1b39541e17b1a380a7cd20928df92eeb2f4bfa77d3f94221db3b7b4a2b40ac03016e60
SSDEEP

6144:U+oB1UHzB6eAjvqwkT1RSL3IWskqUbv3M4Oj/n:U9ytqzqwGRSL3IHx4OjP

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2820	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28
PID 2396 wrote to memory of 2820	2396	1a808ab3bf78a30e86f7d62390659f14.exe	28

C:\Users\Admin\AppData\Local\Temp\1a808ab3bf78a30e86f7d62390659f14.exe
"C:\Users\Admin\AppData\Local\Temp\1a808ab3bf78a30e86f7d62390659f14.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2396
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Kxp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Kxp..bat

Filesize
210B

MD5
790b9b098730c9e68f85ea8d0d74f861

SHA1
1fd387c6ce1df8866d380b26a24d928ed454bbf8

SHA256
9cad8d5a9c7148474d0f6b1440a5665a08687bdbbff5fdf8016c0a88be4df8b8

SHA512
2ea5b004dfec678e767c3ca5275f9671213b035bb629965a5c802748b1cf478bc3f8a2fd5ded5f60e461e31980d644e020010de042bae88cd80047e5bdb24ff0

Download Submit
memory/2396-0-0x00000000003D0000-0x00000000003E2000-memory.dmp

Filesize
72KB

Download
memory/2396-1-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2396-3-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download