499dcf9011ea82fedd4a93045126d7ac43ceb0740fdfeac57d5e2c482e913d96

Analysis

max time kernel
142s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 13:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

38a7650d049798d3cdde44b30fcb182b.exe
Size

2.2MB
MD5

38a7650d049798d3cdde44b30fcb182b
SHA1

eb569cb9deeb04c9afd3c9bfe79bc90e67f7ea4e
SHA256

499dcf9011ea82fedd4a93045126d7ac43ceb0740fdfeac57d5e2c482e913d96
SHA512

f3fc18cb1dbd50abed98c25b7313b67e2493eeba626bfa9b0d719fab0917cccba8ea95404e97b5eab2841e0ef010ac1e42667b7005799be04a179af3b4449b78
SSDEEP

49152:kUv8Lkr77yfUN1KC9Bk2sC3cK5cswOmrz0zju997LCrBErCVa:nikr7g21fjkFCsK5Dyrz4jU2SuVa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4652	is-6L5IJ.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1352 wrote to memory of 4652	1352	38a7650d049798d3cdde44b30fcb182b.exe	17
PID 1352 wrote to memory of 4652	1352	38a7650d049798d3cdde44b30fcb182b.exe	17
PID 1352 wrote to memory of 4652	1352	38a7650d049798d3cdde44b30fcb182b.exe	17

C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe
"C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352
- C:\Users\Admin\AppData\Local\Temp\is-4TSIV.tmp\is-6L5IJ.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-4TSIV.tmp\is-6L5IJ.tmp" /SL4 $B0060 C:\Users\Admin\AppData\Local\Temp\38a7650d049798d3cdde44b30fcb182b.exe 2241457 104448
  2⤵
  - Executes dropped EXE
  PID:4652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-4TSIV.tmp\is-6L5IJ.tmp

Filesize
607KB

MD5
8eb9d48dcc11c290a273ada9b0a8ea11

SHA1
ecf92de726a8b52bb9394766832cc4975ebe1328

SHA256
48869d803fb11a0f3fbeef0bcd65bb0abd68ef67e00d8195d5788455ff750fee

SHA512
316e763c2db1404b74630438ff864647c61d9992327e1044e1d88505ec3ed26998c98e7860d355a273394b9d40df64998be86beef2bcd9140e209ad11a8b4a90

Download Submit
memory/1352-2-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1352-0-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/1352-11-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download
memory/4652-7-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/4652-12-0x0000000000400000-0x00000000004A6000-memory.dmp

Filesize
664KB

Download
memory/4652-15-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download