Analysis

max time kernel: 142s
max time network: 123s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 31/12/2023, 06:54

Static task: static1

Behavioral task: behavioral1
  Sample: 2c5e47ad3abd108f94474e71f1741272.exe
  Resource: win7-20231215-en

Behavioral task: behavioral2
  Sample: 2c5e47ad3abd108f94474e71f1741272.exe
  Resource: win10v2004-20231215-en
General

Target: 2c5e47ad3abd108f94474e71f1741272.exe
Size: 8.4MB
MD5: 2c5e47ad3abd108f94474e71f1741272
SHA1: 6cc5551568ced7955b6789ae13bca2b5a39b9555
SHA256: e8ab6e03e40c8c642e05921f19885c49e3b8e11911fcf1afe23bc62b55ead2f0
SHA512: 1a2d35ddfcaada43dee68a69883916277888989d1f8dba910e871baacb27a619f917144c65506ecad3f40fbfab4d2721497402387d4f84a2e566c5a728d45619
SSDEEP: 196608:Lk7YzofFc4flgZ+A72kCFpcKVFTLW21mXUdvoHaWzH00G:LkYo9l6ZGz7cKnTLW21+c4jQT
Malware Config
Signatures

Executes dropped EXE (1 IoC)
  pid   Process
  1508  2c5e47ad3abd108f94474e71f1741272.tmp

Loads dropped DLL (4 IoCs)
  pid   Process
  1104  2c5e47ad3abd108f94474e71f1741272.exe
  1508  2c5e47ad3abd108f94474e71f1741272.tmp
  1508  2c5e47ad3abd108f94474e71f1741272.tmp
  1508  2c5e47ad3abd108f94474e71f1741272.tmp

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious behavior: GetForegroundWindowSpam (1 IoC)
  pid   Process
  1508  2c5e47ad3abd108f94474e71f1741272.tmp

Suspicious use of WriteProcessMemory (4 IoCs)
  description                       pid   Process                               procid_target
  PID 1104 wrote to memory of 1508  1104  2c5e47ad3abd108f94474e71f1741272.exe  28
  (the same entry is reported 4 times)
Processes

1. C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"
   PID: 1104
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\is-OTACO.tmp\2c5e47ad3abd108f94474e71f1741272.tmp (child of PID 1104)
      Command line: "C:\Users\Admin\AppData\Local\Temp\is-OTACO.tmp\2c5e47ad3abd108f94474e71f1741272.tmp" /SL5="$5014C,8446198,51712,C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"
      PID: 1508
      - Executes dropped EXE
      - Loads dropped DLL
      - Suspicious behavior: GetForegroundWindowSpam
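The process tree above is the shape of an Inno Setup installer bootstrapping itself: the stub copies the embedded setup program to %TEMP%\is-XXXXX.tmp\<same name>.tmp and starts it with a /SL5="$<hwnd>,<total size>,<offset>,<original exe path>" argument, so the "dropped EXE", the parent-to-child WriteProcessMemory and the GetForegroundWindow polling are what that framework does on every run and are not on their own a verdict. The script below is an added example, not part of the sandbox report or of any tool the report uses: it takes the two command lines and the WriteProcessMemory IoCs exactly as printed above, parses the /SL5 argument (the field layout is my reading of Inno Setup's SetupLdr convention and is an assumption here), and checks that the second stage is an unpack of the sample itself (same stem, source path equal to the parent image, total size matching the report's 8.4MB) and that the only cross-process writes are parent into that child. The "anomalous" variant in the test is constructed to show which checks fail when the /SL5 source path points elsewhere.

```python
"""Added example (not part of the sandbox report).

Cross-checks the two command lines from the Processes section against the
Inno Setup SetupLdr two-stage convention: the stub copies the embedded setup
program to %TEMP%\\is-XXXXX.tmp\\<name>.tmp and starts it with
    /SL5="$<hwnd>,<total size>,<offset>,<path of the original exe>"
That field layout is my reading of the convention and is an assumption here.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Optional

# Copied from the report's Processes section.
PARENT_CMDLINE = r'"C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"'
CHILD_CMDLINE = (
    r'"C:\Users\Admin\AppData\Local\Temp\is-OTACO.tmp\2c5e47ad3abd108f94474e71f1741272.tmp" '
    r'/SL5="$5014C,8446198,51712,C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"'
)
SAMPLE_SIZE_MB = 8.4  # "Size" in the General section (decimal MB, one decimal place)
# WriteProcessMemory IoCs from the Signatures section: (writer pid, target pid)
WPM_IOCS = [(1104, 1508)] * 4

SL5_RE = re.compile(r'/SL5="\$([0-9A-Fa-f]+),(\d+),(\d+),([^"]+)"')
IS_TMP_DIR_RE = re.compile(r'\\is-[A-Za-z0-9]{5}\.tmp\\')


@dataclass
class Sl5Args:
    hwnd: int          # loader window handle, hex digits after the '$' (assumed)
    total_size: int    # size of the original installer in bytes (assumed)
    offset: int        # offset of the embedded setup program inside it (assumed)
    source_path: str   # path of the original installer


def image_path(cmdline: str) -> str:
    """Return the quoted image path at the front of a Windows command line."""
    m = re.match(r'"([^"]+)"', cmdline.strip())
    return m.group(1) if m else cmdline.split()[0]


def parse_sl5(cmdline: str) -> Optional[Sl5Args]:
    """Extract the /SL5 fields, or None if the command line carries none."""
    m = SL5_RE.search(cmdline)
    if not m:
        return None
    return Sl5Args(int(m.group(1), 16), int(m.group(2)), int(m.group(3)), m.group(4))


def stem(path: str) -> str:
    """File name without directory or extension, Windows path rules, lower-cased."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def check_stage2(parent_cmdline: str, child_cmdline: str, sample_size_mb: float) -> dict:
    """Boolean checks; all True means the child looks like the installer's own
    unpacked second stage rather than an unrelated payload."""
    parent = image_path(parent_cmdline)
    child = image_path(child_cmdline)
    args = parse_sl5(child_cmdline)
    f = {
        "child_in_is_tmp_dir": bool(IS_TMP_DIR_RE.search(child)),
        "child_is_tmp_with_parent_stem": child.lower().endswith(".tmp") and stem(child) == stem(parent),
        "has_sl5": args is not None,
        "sl5_points_at_parent_image": False,
        "sl5_size_matches_sample": False,
        "sl5_offset_inside_file": False,
    }
    if args is not None:
        f["sl5_points_at_parent_image"] = args.source_path.lower() == parent.lower()
        # The report rounds to decimal MB: 8446198 / 1e6 -> 8.4
        f["sl5_size_matches_sample"] = round(args.total_size / 1_000_000, 1) == sample_size_mb
        f["sl5_offset_inside_file"] = 0 < args.offset < args.total_size
    f["consistent_with_inno_setup_bootstrap"] = all(f.values())
    return f


def wpm_confined_to_stage2(iocs, parent_pid: int, child_pid: int) -> bool:
    """True when every WriteProcessMemory IoC is the parent writing into its own
    second-stage child; a write into any other process is what to escalate."""
    return all((w, t) == (parent_pid, child_pid) for w, t in iocs)


if __name__ == "__main__":
    for name, ok in check_stage2(PARENT_CMDLINE, CHILD_CMDLINE, SAMPLE_SIZE_MB).items():
        print(f"{name:40} {ok}")
    print(f"{'wpm_confined_to_stage2':40} {wpm_confined_to_stage2(WPM_IOCS, 1104, 1508)}")
```

The checks are deliberately conservative: they only establish that the second stage is the installer's own payload unpacked from the sample. Whatever that payload installs is not visible in this report (no network activity and no extracted config are shown), so a verdict still needs the dropped files listed under Downloads to be examined.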
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 381KB
MD5: 80637035f65554b92a1e6052bbf383fe
SHA1: f00f7e897eae8021479db6ac9cec85cc2d756b90
SHA256: f8c32a3d6f88635e608c280deee00021ec83c64807d704e809d77c8de0571ce3
SHA512: 980a958bfeb61c6b103454f9d630e6a2ef3c924c0f51a6f6738b663dee18fd70b725db093fea0d6f4840553ad6bf54a247734401e284322099f03e4002904b15

Filesize: 274KB
MD5: 47e4749eb7f595aa8aafed1a4277d2cb
SHA1: fb994ea01b9dd8bd3509b2059b1d793cbec11015
SHA256: e687e2b5d5eb66860ac32b0e4c985d66d60816f6a20d0db7a6e11d73b3567816
SHA512: 6475b37005784995c88b77d5703a428af48d97606ac97ab4c28484d895b0f6ba377c1dc9328bcf112f79101a2f9d7463cb2f24ab7ea408f0c6a4200aedc0221d

Filesize: 22KB
MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Filesize: 676KB
MD5: 0ceb80916652e6346b490a3519f23783
SHA1: d963ddff57f19ca1d8df1a3cdfc440ffe79a478b
SHA256: 19f548bab801d6c7045f81199ebaa5047078b50388aeb8215d5874638bc5c213
SHA512: 0b5ffb32fa0e21cdab89110c784777eed5a459ed7a78558445456e40b4effcce170be073a34f8788fdef742df6c89cfa196f5d00d56263098ec5122e6b5e43cf