7621d066b672b9f6ef5563386606cfcf2a650c88096986bcb67c6bcaf7be173d

Analysis

max time kernel
119s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 12:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

36c055a1718897e0c97699adcc31f0bf.exe
Size

162KB
MD5

36c055a1718897e0c97699adcc31f0bf
SHA1

a8026ad291803ff30e5cbfc246c0d1120af56856
SHA256

7621d066b672b9f6ef5563386606cfcf2a650c88096986bcb67c6bcaf7be173d
SHA512

bc8b7e93b44b3c1f7d022019b8479794ee0d866edec6d2005fd1755fe5a9c7b1b4591d4f4117ae84fbf12876e5a4bafcf7027fd8fb8cb5ec6a44077dddd894a9
SSDEEP

1536:0vn9DmOPj3/EyIR1Y+IjIVZgFNyifN/E3+gHurSwzMpE1gNYlVLNl:0l3TIR1YzNy8E3+dGna1rLNl

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2380	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29
PID 836 wrote to memory of 2380	836	36c055a1718897e0c97699adcc31f0bf.exe	29

C:\Users\Admin\AppData\Local\Temp\36c055a1718897e0c97699adcc31f0bf.exe
"C:\Users\Admin\AppData\Local\Temp\36c055a1718897e0c97699adcc31f0bf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:836
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Slj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Slj..bat

Filesize
210B

MD5
ac72dd5f60129f7ac4c75ae2d6c93a09

SHA1
4ea96e0994fcb6ee4ec5f15ad58d4c97740a163a

SHA256
3730f40431db378ffd50654705e3899ce984b5f0b30b8fd69909b69761478959

SHA512
10790092a602918f36e6938672d0abdaa935d7761e2128a347b54c696198b1323942443cd40cb5bc67b07cacf190fe0255c296120000dfce82740a1f44e94c1a

Download Submit
memory/836-1-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download
memory/836-0-0x00000000002B0000-0x00000000002C2000-memory.dmp

Filesize
72KB

Download
memory/836-3-0x0000000000400000-0x000000000042D000-memory.dmp

Filesize
180KB

Download