67584bad59cac5231499cd03d9558af1a4ff8520cff71955352a3421d977bf72

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 07:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe
Size

64KB
MD5

2c8d1ed5b2cc4a7eb1cba9ddef356d41
SHA1

33c6a75f2cf7f64f2c5161d7fe608fc7582ef4b9
SHA256

67584bad59cac5231499cd03d9558af1a4ff8520cff71955352a3421d977bf72
SHA512

d6ae85c3eecf32ee17295093674a18f8c4ea1348f4a526863f05fffa85e09982ef9ceb1f9d52d5be3d00a485b3fbdd90a4c1b0c0f89aaf8db1dcff48f5237a6a
SSDEEP

1536:sFPCb+XZ4Cz0LqsUW4jCUIS1bE+1gwSVzYDG4Y:sh0+J4Cz0LjV4j9IOE+1g/Vf4

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1744	cmd.exe

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2928-0-0x0000000000400000-0x0000000000421000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2928 wrote to memory of 1744	2928	2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe	29
PID 2928 wrote to memory of 1744	2928	2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe	29
PID 2928 wrote to memory of 1744	2928	2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe	29
PID 2928 wrote to memory of 1744	2928	2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe	29

C:\Users\Admin\AppData\Local\Temp\2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe
"C:\Users\Admin\AppData\Local\Temp\2c8d1ed5b2cc4a7eb1cba9ddef356d41.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2928
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ttv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:1744

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ttv..bat

Filesize
210B

MD5
9ef4c12751cf38dd0af9205389c1b0fb

SHA1
a4ca68b711e16d97da7488c41a4cf92d7f507800

SHA256
70d81acd1413d095c7a9346962aa92fb86380f6a22b5cf960fc739540e3241c5

SHA512
380547df54c8ba060bcbcdd05e828451eb5cbe631c303a721a22237ad4b33c039653627060d5a46a0d13a0d572afb93dc65346eaca369e554b3c3edba58b2e20

Download Submit
memory/2928-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2928-1-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2928-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2928-3-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/2928-5-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download