dab6485c04ffc52d7cc23570725c5d4224ca80fc2a7fda7ee6a1745ddcbf48e6

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 14:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1affd50670060588d5b5be4b76d7ae0b.exe
Size

5.1MB
MD5

1affd50670060588d5b5be4b76d7ae0b
SHA1

a0eefe28eaa95e5149ce2a86826af1e32fcc44bf
SHA256

dab6485c04ffc52d7cc23570725c5d4224ca80fc2a7fda7ee6a1745ddcbf48e6
SHA512

19930ec82565982eafcb21828240b0d2b5638e7e96dbe30d422178d2fc16e86fa2380d2f0199e5f67ce63ec23db67927ff7c41c408fc3b89ccee683ec571e803
SSDEEP

98304:XEDicWqUJX3wl8OPTj+vvwkivKSO2jmACqsY8EqvT3CKhzYGZsiy/jBzlK9:UDbsX3wl88TqvvyOkdJsY8EGTyCYhe9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
932	is-CEK4H.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3080 wrote to memory of 932	3080	1affd50670060588d5b5be4b76d7ae0b.exe	88
PID 3080 wrote to memory of 932	3080	1affd50670060588d5b5be4b76d7ae0b.exe	88
PID 3080 wrote to memory of 932	3080	1affd50670060588d5b5be4b76d7ae0b.exe	88

C:\Users\Admin\AppData\Local\Temp\1affd50670060588d5b5be4b76d7ae0b.exe
"C:\Users\Admin\AppData\Local\Temp\1affd50670060588d5b5be4b76d7ae0b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3080
- C:\Users\Admin\AppData\Local\Temp\is-D5Q0H.tmp\is-CEK4H.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-D5Q0H.tmp\is-CEK4H.tmp" /SL4 $50192 C:\Users\Admin\AppData\Local\Temp\1affd50670060588d5b5be4b76d7ae0b.exe 5033318 71680
  2⤵
  - Executes dropped EXE
  PID:932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-D5Q0H.tmp\is-CEK4H.tmp

Filesize
635KB

MD5
af70061115aa374efa5ed8e4e35d34f7

SHA1
6f24ad0c42e9c5fb5e1a8980f37f55d6f4dbb585

SHA256
fa7d8741eb5811b4ff249fc8ad8e536c3dfed73dafa9364cc4e04292e228aa78

SHA512
6924cb23050fb7e5730c339e4f19299668040f30ec7ac43c74222447aa6bcd22d2146a0586c5a63b714ebe70ef42f6888fba6d16bfa46e8131eb5e2812e8ed3b

Download Submit
memory/932-7-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/932-12-0x0000000000400000-0x00000000004AD000-memory.dmp

Filesize
692KB

Download
memory/932-15-0x0000000000650000-0x0000000000651000-memory.dmp

Filesize
4KB

Download
memory/3080-0-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3080-2-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/3080-11-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download