Analysis
- max time kernel: 142s
- max time network: 155s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 31/12/2023, 06:54
Static task: static1
Behavioral task: behavioral1
- Sample: 2c5e47ad3abd108f94474e71f1741272.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 2c5e47ad3abd108f94474e71f1741272.exe
- Resource: win10v2004-20231215-en
General
- Target: 2c5e47ad3abd108f94474e71f1741272.exe
- Size: 8.4MB
- MD5: 2c5e47ad3abd108f94474e71f1741272
- SHA1: 6cc5551568ced7955b6789ae13bca2b5a39b9555
- SHA256: e8ab6e03e40c8c642e05921f19885c49e3b8e11911fcf1afe23bc62b55ead2f0
- SHA512: 1a2d35ddfcaada43dee68a69883916277888989d1f8dba910e871baacb27a619f917144c65506ecad3f40fbfab4d2721497402387d4f84a2e566c5a728d45619
- SSDEEP: 196608:Lk7YzofFc4flgZ+A72kCFpcKVFTLW21mXUdvoHaWzH00G:LkYo9l6ZGz7cKnTLW21+c4jQT
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid | Process
  4212 | 2c5e47ad3abd108f94474e71f1741272.tmp
- Loads dropped DLL (1 IoC)
  pid | Process
  4212 | 2c5e47ad3abd108f94474e71f1741272.tmp
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description | pid | Process | procid_target
  PID 2536 wrote to memory of 4212 | 2536 | 2c5e47ad3abd108f94474e71f1741272.exe | 30
  PID 2536 wrote to memory of 4212 | 2536 | 2c5e47ad3abd108f94474e71f1741272.exe | 30
  PID 2536 wrote to memory of 4212 | 2536 | 2c5e47ad3abd108f94474e71f1741272.exe | 30
Processes
- C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe (depth 1)
  Command line: "C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"
  PID: 2536
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-13KVV.tmp\2c5e47ad3abd108f94474e71f1741272.tmp (depth 2)
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-13KVV.tmp\2c5e47ad3abd108f94474e71f1741272.tmp" /SL5="$70210,8446198,51712,C:\Users\Admin\AppData\Local\Temp\2c5e47ad3abd108f94474e71f1741272.exe"
    PID: 4212
    - Executes dropped EXE
    - Loads dropped DLL
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 92KB
  MD5: 78943e28c7861defbc7821dfdfff6fc5
  SHA1: 81569f82727cde12faf8c6f92dc2448289816101
  SHA256: 149d4e4e71a5f0a14b57b0235ea509ec3eb89395000833f13f48f6cc46c30d22
  SHA512: 0f0bda0b72dc594e45902f1f6c0ed47f6fe1f1cc3f34d087188dbfcdc2eac365d9c07e515637f5056080b2bbae1ebb377f68d2ce58270109b4f795f8a2dce145