12a1ba33e9cce4dae8a1a8c6130729db59222f0e4ebf33fa3e3396abb8016127

Analysis

max time kernel
0s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2990ace023ec1d413225b24754015228.exe
Size

718KB
MD5

2990ace023ec1d413225b24754015228
SHA1

8f08dffa8f1861ac940b43ce9d3b72dc790f508a
SHA256

12a1ba33e9cce4dae8a1a8c6130729db59222f0e4ebf33fa3e3396abb8016127
SHA512

56bc8c03e86eb35baa269aed966d5fcf9a1d42ee8feb240d9965e5dbae23ad4ccb953302a387539d8f7f03dd2b36501130520e0c0827a9ee5231fbe387da54a7
SSDEEP

12288:q4BS2ly9NKPRdegPsgQr/745jezvROTVo80d1WU1ntTxJ10gJ1TvzVL+ieu:qhhKeiHQr/s1uRCBQWMxDpVLLeu

Score

7^/10

upx

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2912	2990ace023ec1d413225b24754015228.exe
2140	2990ace023ec1d413225b24754015228.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/672-209-0x0000000003300000-0x000000000330C000-memory.dmp	upx
behavioral2/memory/672-420-0x0000000003300000-0x000000000330C000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2140	2912	2990ace023ec1d413225b24754015228.exe	26
PID 2912 wrote to memory of 2140	2912	2990ace023ec1d413225b24754015228.exe	26
PID 2912 wrote to memory of 2140	2912	2990ace023ec1d413225b24754015228.exe	26
PID 2140 wrote to memory of 672	2140	2990ace023ec1d413225b24754015228.exe	25
PID 2140 wrote to memory of 672	2140	2990ace023ec1d413225b24754015228.exe	25
PID 2140 wrote to memory of 672	2140	2990ace023ec1d413225b24754015228.exe	25

C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe
"C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe
  "C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2140

C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe
"C:\Users\Admin\AppData\Local\Temp\2990ace023ec1d413225b24754015228.exe"
1⤵
PID:672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nse5E10.tmp\LuaBridge.dll

Filesize
62KB

MD5
4e08fe995ab74ba4d145ddb77ea095fc

SHA1
e4bb337e40069c097e7abd566b7427b11fb124ee

SHA256
ace3c561f186dfbb5c992f85ea2ab4d3061894509af6960e9d819152afa46b17

SHA512
b056fbe0e79d90f8ce0908eb2b75f589e4415ed462868aaff6032f12dde394058cd221d317b92fc4809aa27d6cf2e801c4215db3cab1267ebd9dbc9af7b7041f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nse5E10.tmp\System.dll

Filesize
10KB

MD5
7e3c808299aa2c405dffa864471ddb7f

SHA1
b5de7804dd35ed7afd0c3b59d866f1a0749495e0

SHA256
91c47a9a54a3a8c359e89a8b4e133e6b7296586748ed3e8f4fe566abd6c81ddd

SHA512
599f61d5270227a68e5c4b8db41b5aa7bc17a4bbe91dd7336b410516fa6107f4f5bf0bbb3f6cc4b2e15b16bf9495fdc70832bab6262046cb136ad18f0c9b3738

Download Submit
memory/672-107-0x0000000003270000-0x0000000003286000-memory.dmp

Filesize
88KB

Download
memory/672-141-0x00000000032C0000-0x00000000032CE000-memory.dmp

Filesize
56KB

Download
memory/672-209-0x0000000003300000-0x000000000330C000-memory.dmp

Filesize
48KB

Download
memory/672-40-0x0000000074CF0000-0x0000000074D4E000-memory.dmp

Filesize
376KB

Download
memory/672-421-0x0000000074CF0000-0x0000000074D4E000-memory.dmp

Filesize
376KB

Download
memory/672-420-0x0000000003300000-0x000000000330C000-memory.dmp

Filesize
48KB

Download
memory/672-419-0x0000000003260000-0x0000000003269000-memory.dmp

Filesize
36KB

Download