869163232563ac7c5e438842a4b5cdd8c8c308062c6f7014bfe76851be9738f9

Analysis

max time kernel
141s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 21:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3dedab92a45af6bf9691bce6dce18eef.exe
Size

398KB
MD5

3dedab92a45af6bf9691bce6dce18eef
SHA1

3dd800257d4631cf9e055f426a584dc84f1dc426
SHA256

869163232563ac7c5e438842a4b5cdd8c8c308062c6f7014bfe76851be9738f9
SHA512

17aad162660578bb16ac8a7d5a921776026d274ea9efba7ec0ad2f5d5e205937b0f70a740efd796f37572b267eb29d228b2a453588a0d0e9c317778a45f6ea49
SSDEEP

12288:gutrzh9xOXkk6fDYBUsdYmgTLZguBodFLPIhzhSdb:gutr5OUk6f+UsvkFgsIChEb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	Plug de Seguranca.exe

Loads dropped DLL 2 IoCs

pid	Process
2904	3dedab92a45af6bf9691bce6dce18eef.exe
2904	3dedab92a45af6bf9691bce6dce18eef.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28
PID 2904 wrote to memory of 2984	2904	3dedab92a45af6bf9691bce6dce18eef.exe	28

C:\Users\Admin\AppData\Local\Temp\3dedab92a45af6bf9691bce6dce18eef.exe
"C:\Users\Admin\AppData\Local\Temp\3dedab92a45af6bf9691bce6dce18eef.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe
  "C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe"
  2⤵
  - Executes dropped EXE
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe

Filesize
320KB

MD5
11d1d85822ed53dcabd5e26544dc64bc

SHA1
d352f4914174aebc0ac9a893fdef71d2b52c4bf8

SHA256
e547c03402dace446e90931a628cb12e5ed349dead98a7279b0ffa1e937118d0

SHA512
44292d4ed506187e5463c67f0315ac3f9cb4a6473321ddf83eb474c83a02552b000be88d5258632c9729eb313f81040321494e94d5428fc0f108ade1a997f298

Download Submit
C:\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe

Filesize
256KB

MD5
9bb9c8972c88e57b0cc34fc19c3c23ae

SHA1
a8deeed05e76ec5b0fff4a52d14c4101f48b4c2f

SHA256
cd82ec1e3317e40eda3076f619b21c0e2aae013f27ad8a01016b32e037d3f8a7

SHA512
12319774a0358cc47a6ffe6a4d298fb913690ee8d38a78f2aea759eab588724045f88a6fcebc66f980e1ed5f25c1d7a0947bdb5e5ac112806db6893f543e0dd6

Download Submit
\Users\Admin\AppData\Local\Temp\Plug de Seguranca.exe

Filesize
341KB

MD5
10fc841698fc4098e27c8df60887c896

SHA1
02d161bc21dff7a7512d86d0c350920bfe30abb6

SHA256
a6039e312adaaf8b3a28acf9d4a0ca4feda0cc4e2652c78351dcb34d6f31f4ff

SHA512
81c6b9843b78198d70d50d5344ce7459b012f99a7960b52ce96ad9ac8d63c389be901e5a239a6b6725f56ccb91db82b20dd9567d6b7dba7321090e571e786e4e

Download Submit
memory/2984-10-0x0000000000400000-0x0000000000401000-memory.dmp

Filesize
4KB

Download
memory/2984-11-0x0000000000050000-0x0000000000274000-memory.dmp

Filesize
2.1MB

Download