ef99a1844cbf354868a70cdcc2584ec94ffceafc4ffcd3a6b5563fa1d632844e

Analysis

max time kernel
123s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
01-01-2024 15:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe
Size

207KB
MD5

8d0a312773a8475e499b7f879cfe8ece
SHA1

7aa2568f464780f85dafd385a6ff82d79ea6379f
SHA256

16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49
SHA512

a7cbd19806e8832ef687ccf01debf3db4c0afb9e631379e2200c7da5144fd40146508b2c9685bddadf620491bff5f30f910ab0d6c900fc34bfb0893dcd78d953
SSDEEP

3072:5M+lmsolAIrRuw+mqv9j1MWLQBexM+lmsolAIrRuw+mqv9j1MWLQ:S+lDAAYx+lDAA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

ex3t.exe

pid process

2756 ex3t.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2756	ex3t.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe

description	pid	process	target process
PID 1636 wrote to memory of 2756	1636	16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe	ex3t.exe
PID 1636 wrote to memory of 2756	1636	16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe	ex3t.exe
PID 1636 wrote to memory of 2756	1636	16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe	ex3t.exe

C:\Users\Admin\AppData\Local\Temp\16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe
"C:\Users\Admin\AppData\Local\Temp\16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1636

C:\ex3t.exe
"C:\ex3t.exe"
2⤵
- Executes dropped EXE
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ex3t.exe

Filesize
207KB

MD5
8d0a312773a8475e499b7f879cfe8ece

SHA1
7aa2568f464780f85dafd385a6ff82d79ea6379f

SHA256
16b51224239d3671b1af3e8f2656a2ad1e7f5fb9acb09111a95461338a841b49

SHA512
a7cbd19806e8832ef687ccf01debf3db4c0afb9e631379e2200c7da5144fd40146508b2c9685bddadf620491bff5f30f910ab0d6c900fc34bfb0893dcd78d953

Download Submit
C:\ex3t.txt

Filesize
15B

MD5
70f98cbb0643e9a348fd0d40eec6b640

SHA1
7c2d7543ddd8b4f410430a30aefe4b9bcd1538dc

SHA256
25192b99ddab2d60a1c1b4013503bf980d627127292e5f601c235e0bdcb5ddf0

SHA512
bad13acb4b3edad289184a42ffb8cd8b16d5d469d06605f307e34f438ce0a6cc9ee80ae627a3a9e6c34d528d7fbf2e31a37c42ebf90272c810dc3590650672de

Download Submit
memory/1636-15-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

Filesize
9.9MB

Download
memory/1636-1-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

Filesize
9.9MB

Download
memory/1636-2-0x000000001B4B0000-0x000000001B530000-memory.dmp

Filesize
512KB

Download
memory/1636-12-0x000000001B4B6000-0x000000001B51D000-memory.dmp

Filesize
412KB

Download
memory/1636-0-0x0000000000C50000-0x0000000000C8A000-memory.dmp

Filesize
232KB

Download
memory/2756-13-0x000000001B1F0000-0x000000001B270000-memory.dmp

Filesize
512KB

Download
memory/2756-14-0x000000001B1F0000-0x000000001B270000-memory.dmp

Filesize
512KB

Download
memory/2756-11-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

Filesize
9.9MB

Download
memory/2756-16-0x000007FEF5D90000-0x000007FEF677C000-memory.dmp

Filesize
9.9MB

Download
memory/2756-17-0x000000001B1F0000-0x000000001B270000-memory.dmp

Filesize
512KB

Download
memory/2756-10-0x00000000008D0000-0x000000000090A000-memory.dmp

Filesize
232KB

Download
memory/2756-19-0x000000001B1F0000-0x000000001B270000-memory.dmp

Filesize
512KB

Download
memory/2756-20-0x000000001B1F0000-0x000000001B270000-memory.dmp

Filesize
512KB

Download