437d6e791269d2964b3afd9783ce74a4e03a9d69c3c78b02116055066d076092

Analysis

max time kernel
117s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 18:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1e09d06a6c9654b059dab4a5a03fc005.exe
Size

508KB
MD5

1e09d06a6c9654b059dab4a5a03fc005
SHA1

6871276a089a443d06209b3ee7c3b84cf930b3a9
SHA256

437d6e791269d2964b3afd9783ce74a4e03a9d69c3c78b02116055066d076092
SHA512

eedb916885cbc649b99d53ec766cededb28abdf346b82b311d5dc94e91ae226b05b1f93dd6f2fe1f57d083ced368b30eee50cc9236376a89eaa1691ae56f4d66
SSDEEP

6144:dck18MipfIUaQYu8tbS6JBcj0U5hjX/Tvf8MJYFW8jb/HFbdsifRe9+cH:dX8Djadu8J4YSjX/THmxrlbBGHH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2628	2060	1e09d06a6c9654b059dab4a5a03fc005.exe	28
PID 2060 wrote to memory of 2628	2060	1e09d06a6c9654b059dab4a5a03fc005.exe	28
PID 2060 wrote to memory of 2628	2060	1e09d06a6c9654b059dab4a5a03fc005.exe	28
PID 2060 wrote to memory of 2628	2060	1e09d06a6c9654b059dab4a5a03fc005.exe	28

C:\Users\Admin\AppData\Local\Temp\1e09d06a6c9654b059dab4a5a03fc005.exe
"C:\Users\Admin\AppData\Local\Temp\1e09d06a6c9654b059dab4a5a03fc005.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Roaming\dnb14C1.tmp.bat" "C:\Users\Admin\AppData\Local\Temp\1e09d06a6c9654b059dab4a5a03fc005.exe""
  2⤵
  PID:2628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\dnb14C1.tmp.bat

Filesize
37B

MD5
054d67e234a453bb95a0d890df0d9de2

SHA1
580de99d187d41065851e63df517f4b0a6abb04f

SHA256
72f3a9e1522b22bfa30a0abd2c6f8f475597b0a8c6f68393d1d73854c6b1b41e

SHA512
39d7f47cd32e036c2a17f513f9638a0d8fd7fa555529522f18dec00d24bac9d4dd6a9d19b233b85cf3fc4b1079f86dd1da1fc053c12319a9b1026c5053108b8e

Download Submit
memory/2060-0-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2060-3-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/2060-2-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2060-1-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2060-18-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download