4c811d5e811422de16b2dfde6a69154b551ce13ff0773be8fae42b4c8325cd16

Analysis

max time kernel
118s
max time network
137s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 02:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

23c131f6069f020945e7f7b3c6d7482c.exe
Size

94KB
MD5

23c131f6069f020945e7f7b3c6d7482c
SHA1

3a5e3ed7beb5931c16d7ae886e02aad73b836436
SHA256

4c811d5e811422de16b2dfde6a69154b551ce13ff0773be8fae42b4c8325cd16
SHA512

9d27cd3f110a1111310e09322c071044ffccb68051adb5365a445633f79731d3c528595fc81415bc8891d22616b523904ab808a63f0fbb63cf2353bce9631c78
SSDEEP

1536:zfg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:zfgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2784	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1964 wrote to memory of 2784	1964	23c131f6069f020945e7f7b3c6d7482c.exe	29
PID 1964 wrote to memory of 2784	1964	23c131f6069f020945e7f7b3c6d7482c.exe	29
PID 1964 wrote to memory of 2784	1964	23c131f6069f020945e7f7b3c6d7482c.exe	29
PID 1964 wrote to memory of 2784	1964	23c131f6069f020945e7f7b3c6d7482c.exe	29

C:\Users\Admin\AppData\Local\Temp\23c131f6069f020945e7f7b3c6d7482c.exe
"C:\Users\Admin\AppData\Local\Temp\23c131f6069f020945e7f7b3c6d7482c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1964
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Uhv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Uhv..bat

Filesize
210B

MD5
a958d23c4b9d2feafed766ddd1754351

SHA1
3777bb9ebbc98d3eba861130f0149a08940c59a1

SHA256
f3f65bce9b10ffa84b6690a336c70aa3daab30e07ec74a76106209a10a56655c

SHA512
2d4e0073e246e563098d1d8fafb96e63f0496f51fc91ad51a15627e24450a00abb99c4562fb15b5f6a12fe1ae97ebbaf089648e3e663565e00d2b85aa6aa0d02

Download Submit
memory/1964-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1964-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1964-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1964-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1964-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/1964-6-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download