7c37bffc2c472899ba78dc4279c8824b21e0cdfde8bf52af39ca2cc084db539e

Analysis

max time kernel
173s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

19d4a83426aef700371f3a9f48dbc87c.exe
Size

268KB
MD5

19d4a83426aef700371f3a9f48dbc87c
SHA1

b7adfd23a802bdfc09df8856e2e6b41d857fc80c
SHA256

7c37bffc2c472899ba78dc4279c8824b21e0cdfde8bf52af39ca2cc084db539e
SHA512

cb1bfccc29191b62dd8c86ce69865c6246d0530f3220b799e966b309fee290cd084a27e2ca9d683aa04c703322d4b7144131de6395a242cc74eae0a0edac5103
SSDEEP

3072:TcaV8chwvZoE4aEmp+vRQzHcdu3orMjRX74QjqVmxtddPf1:TcaV8uwHBEeRHcQ3lL9ZxtvP9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3300	brhfzs.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2348	PING.EXE

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 4380 wrote to memory of 2508	4380	19d4a83426aef700371f3a9f48dbc87c.exe	42
PID 4380 wrote to memory of 2508	4380	19d4a83426aef700371f3a9f48dbc87c.exe	42
PID 4380 wrote to memory of 2508	4380	19d4a83426aef700371f3a9f48dbc87c.exe	42
PID 2508 wrote to memory of 3300	2508	cmd.exe	38
PID 2508 wrote to memory of 3300	2508	cmd.exe	38
PID 2508 wrote to memory of 3300	2508	cmd.exe	38
PID 2508 wrote to memory of 2348	2508	cmd.exe	39
PID 2508 wrote to memory of 2348	2508	cmd.exe	39
PID 2508 wrote to memory of 2348	2508	cmd.exe	39

C:\Users\Admin\AppData\Local\Temp\19d4a83426aef700371f3a9f48dbc87c.exe
"C:\Users\Admin\AppData\Local\Temp\19d4a83426aef700371f3a9f48dbc87c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4380
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\vzcewhx.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2508

C:\Users\Admin\AppData\Local\Temp\brhfzs.exe
"C:\Users\Admin\AppData\Local\Temp\brhfzs.exe"
1⤵
- Executes dropped EXE
PID:3300

C:\Windows\SysWOW64\PING.EXE
ping 127.0.0.1
1⤵
- Runs ping.exe
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Remote System Discovery

T1018

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\brhfzs.exe

Filesize
176KB

MD5
333a9e0804747fb78bbabed7d9fe11be

SHA1
68084030e77f6f2d11333fe4ed554fed4128027f

SHA256
d2583f03eed2cd8c5b1327a57f695490b6bb9d01f2ac9bf27d58d9d09edcc6b3

SHA512
42771997b1b7cfa319ad15a1f84f82cdbd097f7b631086f7756968151e65d797328f3bdedb4bd5e428d8a2a309fdfe5b76ea96e2427d53d1273ca675b082118c

Download Submit
C:\Users\Admin\AppData\Local\Temp\txayyf.bat

Filesize
156B

MD5
d35635336b9fb9519f93f2eacb0f1b95

SHA1
789dc46e2ba439d8825a5d45dbf9c19e85d4de01

SHA256
22fefde01f13f599bf8c5fbbcd0be1a9238cbe5c7a81278f97f28a725a2c07dd

SHA512
349f277a761ab4ef72a566a28de41aee03f85b830e08101f8b61f52911db1b0b1fd253232ff9bf2c1be5a75963d7b7f3bc1d8d1333a96260758e1688dee8207f

Download Submit
C:\Users\Admin\AppData\Local\Temp\vzcewhx.bat

Filesize
124B

MD5
1786a9a946f42386d5969b1060e6de03

SHA1
1c830b3b7688d75b320ab5f3db2aaa9635ec134a

SHA256
7b414e09c6913da021de438e3684637b1864eb7df354471e0cf90a03023e6481

SHA512
f95ed681ba68cddca827f03e343c89023e879ff1f5dd0eaa8b9512ec11afe623df222dc47d707922081ac60887ce6654965a511aad202ea1a4569203cf7c4e36

Download Submit