2d2168fa55e8b9d337bd932853adc7c0da2c2f5a41891c6fbc379a93bc4a8c75

Analysis

max time kernel
0s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 01:40

Target

231e1c9531eca0ed6e2a355b560ee0f5.jad
Size

68KB
MD5

231e1c9531eca0ed6e2a355b560ee0f5
SHA1

476b3868f9927033fcf1dfe6d08de6470f8b2c65
SHA256

2d2168fa55e8b9d337bd932853adc7c0da2c2f5a41891c6fbc379a93bc4a8c75
SHA512

be53d0ee00239f9dc330aa1552135379848e3e62131b2475afedf014cabb890e406a6c8c261ae1a1fdb932e5b8c0375ece50beda735cbf0c64a5444b244192f3
SSDEEP

1536:EjUcFC+MEcVwy7GtW2insgvrGoZNGtW2insgvrGoZ6:EjUctob7ZsArG8ZsArG9

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2524	3032	cmd.exe	15
PID 3032 wrote to memory of 2524	3032	cmd.exe	15
PID 3032 wrote to memory of 2524	3032	cmd.exe	15

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" C:\Windows\system32\shell32.dll,OpenAs_RunDLL C:\Users\Admin\AppData\Local\Temp\231e1c9531eca0ed6e2a355b560ee0f5.jad
1⤵
PID:2524
- C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\231e1c9531eca0ed6e2a355b560ee0f5.jad"
  2⤵
  PID:2728

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\231e1c9531eca0ed6e2a355b560ee0f5.jad
1⤵
- Suspicious use of WriteProcessMemory
PID:3032

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact