Overview

overview

7

Static

static

3

2a191009fb...11.exe

windows7-x64

7

2a191009fb...11.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    0s
  • max time network
    146s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    31-12-2023 05:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2a191009fb7b2665ee2f1f78a6f38211.exe

  • Size

    2.5MB

  • MD5

    2a191009fb7b2665ee2f1f78a6f38211

  • SHA1

    a15fd55d33a4484cde777089a50dd6a73938c540

  • SHA256

    f91f8abfb1586925a6096ffd1a862550211a55d286cd0394d4ab984a529e4c58

  • SHA512

    15daf728e0dcc43b24ed35de35c2d5682df7b1664c48a7a8f41ff6aba4d7f60608123477a0a7daef702dc1ded937066c93c3c8e4f6e25d54c98fd90d54a6285f

  • SSDEEP

    49152:oky796EvMtTx435MtV+Oj29Ls3t/cwCxHHlc2KP1z8o/MO2Uqed3yBI1rp:o7AEvgVOy29Ls3JslVYzjMO26ie

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2a191009fb7b2665ee2f1f78a6f38211.exe
    "C:\Users\Admin\AppData\Local\Temp\2a191009fb7b2665ee2f1f78a6f38211.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4512
    • C:\Users\Admin\AppData\Local\Temp\is-SQTHN.tmp\2a191009fb7b2665ee2f1f78a6f38211.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-SQTHN.tmp\2a191009fb7b2665ee2f1f78a6f38211.tmp" /SL5="$401C6,2280122,153088,C:\Users\Admin\AppData\Local\Temp\2a191009fb7b2665ee2f1f78a6f38211.exe"
      2⤵
      • Executes dropped EXE
      PID:3092
      • C:\Users\Admin\AppData\Local\Temp\is-ERL22.tmp\WMF.exe
        "C:\Users\Admin\AppData\Local\Temp\is-ERL22.tmp\WMF.exe" /aid=0 /sub=0 /sid=42 /name="4.rar" /fid= /stats=cS71pQPkuOys9C/drFU6n3IGsFZjWHRvzkHz3c2b3dwwR8mVZjZgLS2XN8hbXBHVQJx8wSdATUdUxi47zhaKew== /param=0
        3⤵
          PID:4664

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/3092-7-0x0000000000630000-0x0000000000631000-memory.dmp

      Filesize

      4KB

      Download

    • memory/3092-37-0x0000000000400000-0x0000000000529000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/4512-2-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4512-0-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4512-36-0x0000000000400000-0x0000000000430000-memory.dmp

      Filesize

      192KB

      Download

    • memory/4664-34-0x0000000002580000-0x0000000002581000-memory.dmp

      Filesize

      4KB

      Download

    • memory/4664-38-0x0000000000400000-0x00000000007E2000-memory.dmp

      Filesize

      3.9MB

      Download

    • memory/4664-42-0x0000000002580000-0x0000000002581000-memory.dmp

      Filesize

      4KB

      Download