02b2a8201bb91c5f0c9f7518e60551dc0853ffd34c5adc112ed855dc541fe25d

Analysis

max time kernel
141s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 02:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

25523720c841da553362207c150413b0.exe
Size

73KB
MD5

25523720c841da553362207c150413b0
SHA1

6ec8c9a59fb7a7998ff5edf6336e039d697b269c
SHA256

02b2a8201bb91c5f0c9f7518e60551dc0853ffd34c5adc112ed855dc541fe25d
SHA512

422463018a667f7d0e0009c3bab7df41deec885f731f72a241344d309b691f18f472e31210d6730c6fb0aa80f930f903a9a637083ea3b8d2ae36b397c7083792
SSDEEP

1536:zmj69PGuFELh3YOJW9dLJMrp9gQbsZQgtGqOTa:zmj65PEZJYtJM/aXGqca

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2264	pinch.exe
2300	ipdbrute_1.5.191.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2300-12-0x0000000000400000-0x000000000041A000-memory.dmp	upx

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\pinch.exe	25523720c841da553362207c150413b0.exe
File opened for modification	C:\Windows\pinch.exe	25523720c841da553362207c150413b0.exe
File created	C:\Windows\ipdbrute_1.5.191.exe	25523720c841da553362207c150413b0.exe
File opened for modification	C:\Windows\ipdbrute_1.5.191.exe	25523720c841da553362207c150413b0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1660 wrote to memory of 2264	1660	25523720c841da553362207c150413b0.exe	18
PID 1660 wrote to memory of 2264	1660	25523720c841da553362207c150413b0.exe	18
PID 1660 wrote to memory of 2264	1660	25523720c841da553362207c150413b0.exe	18
PID 1660 wrote to memory of 2264	1660	25523720c841da553362207c150413b0.exe	18

C:\Users\Admin\AppData\Local\Temp\25523720c841da553362207c150413b0.exe
"C:\Users\Admin\AppData\Local\Temp\25523720c841da553362207c150413b0.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1660
- C:\Windows\ipdbrute_1.5.191.exe
  "C:\Windows\ipdbrute_1.5.191.exe"
  2⤵
  - Executes dropped EXE
  PID:2300
- C:\Windows\pinch.exe
  "C:\Windows\pinch.exe"
  2⤵
  - Executes dropped EXE
  PID:2264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1660-13-0x0000000000400000-0x0000000000419000-memory.dmp

Filesize
100KB

Download
memory/2264-14-0x0000000013140000-0x000000001317B000-memory.dmp

Filesize
236KB

Download
memory/2300-12-0x0000000000400000-0x000000000041A000-memory.dmp

Filesize
104KB

Download