53eb7986abeb06286d524f2d194f25b0905b9ae0b6bd0f56a0fa8d66d3d0bfd0

Analysis

max time kernel
2s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 20:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

3b072cb61b2b524b25121882d75c72dd.exe
Size

173KB
MD5

3b072cb61b2b524b25121882d75c72dd
SHA1

1c876353e6a49bf69c1ca4ec7a9c8dd02ddb9521
SHA256

53eb7986abeb06286d524f2d194f25b0905b9ae0b6bd0f56a0fa8d66d3d0bfd0
SHA512

46126292c56d2e9f7d124e402d330a983aaf78c7831f3786c295daf18ee6b7bebdf9eaadaadeb3bbf886010b8194e20d116f3d072d03acf5e6b77167643ef357
SSDEEP

3072:CnOn7t7XpdpCCTg/sxFgJDSlC0gybC1V8A1S8l1KiGmq5qforblnyU7VWLL:CKpdcCrTq901WYAjohB5qfonlyU7VGL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2160	northstar.exe

Loads dropped DLL 3 IoCs

pid	Process
2224	3b072cb61b2b524b25121882d75c72dd.exe
2224	3b072cb61b2b524b25121882d75c72dd.exe
2224	3b072cb61b2b524b25121882d75c72dd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 2160	2224	3b072cb61b2b524b25121882d75c72dd.exe	17
PID 2224 wrote to memory of 2160	2224	3b072cb61b2b524b25121882d75c72dd.exe	17
PID 2224 wrote to memory of 2160	2224	3b072cb61b2b524b25121882d75c72dd.exe	17
PID 2224 wrote to memory of 2160	2224	3b072cb61b2b524b25121882d75c72dd.exe	17

C:\Users\Admin\AppData\Local\Temp\3b072cb61b2b524b25121882d75c72dd.exe
"C:\Users\Admin\AppData\Local\Temp\3b072cb61b2b524b25121882d75c72dd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Users\Admin\AppData\Local\Temp\nsy1B40.tmp\northstar.exe
  C:\Users\Admin\AppData\Local\Temp\nsy1B40.tmp\northstar.exe /u4fd99101-fa18-4898-bfd9-098a5bc06f2f /e4683473 /dT201212161744
  2⤵
  - Executes dropped EXE
  PID:2160

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2160-15-0x0000000074510000-0x0000000074ABB000-memory.dmp

Filesize
5.7MB

Download
memory/2160-24-0x0000000000B60000-0x0000000000BA0000-memory.dmp

Filesize
256KB

Download
memory/2160-23-0x0000000074510000-0x0000000074ABB000-memory.dmp

Filesize
5.7MB

Download
memory/2160-79-0x0000000000B60000-0x0000000000BA0000-memory.dmp

Filesize
256KB

Download
memory/2160-78-0x0000000000B60000-0x0000000000BA0000-memory.dmp

Filesize
256KB

Download
memory/2160-80-0x0000000074510000-0x0000000074ABB000-memory.dmp

Filesize
5.7MB

Download
memory/2224-84-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download