19ca2ddf8abb5ffbd015c28aba710d2ffdc70c9895ec5b1effe57ae184e6db7b

Analysis

max time kernel
232s
max time network
246s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 03:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

hideippla.exe
Size

794KB
MD5

2188f38c3e8c51c70db94a347cdd4153
SHA1

899215bbdb3c193650f2a0fa8f975c290d395607
SHA256

b05af5d421c8bce20ca9b58563a0ab1a7a293f98c605bf42d4a5a80860720b93
SHA512

f0fe016f8f4a674f0e627e82a8677f86940185e50e64c70f8be11dc93d577a957fbcc2118561d9ad989cdcf1c1dd1fa09af836e6217ac013710788704ceab497
SSDEEP

24576:7I39dmT7A5hv5oAbbb4R2869e6XiJHgabEhgebVKo0Ld8:76de7APmA/U/miAFVbv4e

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3872	is-H2A7M.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 228 wrote to memory of 3872	228	hideippla.exe	91
PID 228 wrote to memory of 3872	228	hideippla.exe	91
PID 228 wrote to memory of 3872	228	hideippla.exe	91

C:\Users\Admin\AppData\Local\Temp\hideippla.exe
"C:\Users\Admin\AppData\Local\Temp\hideippla.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:228
- C:\Users\Admin\AppData\Local\Temp\is-2S1KI.tmp\is-H2A7M.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-2S1KI.tmp\is-H2A7M.tmp" /SL4 $12003A "C:\Users\Admin\AppData\Local\Temp\hideippla.exe" 533112 52224
  2⤵
  - Executes dropped EXE
  PID:3872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-2S1KI.tmp\is-H2A7M.tmp

Filesize
287KB

MD5
c64f0706e73dc9040ea560040afa3a00

SHA1
7ac3135471061986b5515fe5a6e5a42acc6df8dd

SHA256
9e5f3c396126dd696ac1404e4bfe10246dc5aeaf128ae5cd18890c9183340365

SHA512
6a4754860132e015accf83a146fc3dd47b388517170f1dead07b4eb4ba3dd4f6bee03e1c085a00be5b20978cffcca6c362790b858855d6b03ff8b8937f76ee6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-2S1KI.tmp\is-H2A7M.tmp

Filesize
647KB

MD5
b683339ce008e97a0243a0f83bca1e09

SHA1
a8a4c078225ec9d94912762bda3a745d83dbe8f4

SHA256
5c6b8a1ab73cd03140040a3093e0d8466c666cd3fe17e8660dbc1a30d0b6f925

SHA512
c39b2501f5887c363633c94b04d58396a0d285ff65963ed513e99ff2dd7f36da323904278c6a64b9f1f637aaeed17e3d9d40540baa9805369cc664a32c62c780

Download Submit
memory/228-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/228-6-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/3872-7-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/3872-13-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/3872-15-0x0000000000400000-0x00000000004B0000-memory.dmp

Filesize
704KB

Download
memory/3872-18-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download