Analysis
- max time kernel: 51s
- max time network: 135s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 02-01-2024 15:56
Static task: static1
Behavioral task: behavioral1
- Sample: 7e324097717d9a6469df3299fe36a286.exe
- Resource: win7-20231215-en
Behavioral task: behavioral2
- Sample: 7e324097717d9a6469df3299fe36a286.exe
- Resource: win10v2004-20231215-en
General
- Target: 7e324097717d9a6469df3299fe36a286.exe
- Size: 1.7MB
- MD5: 7e324097717d9a6469df3299fe36a286
- SHA1: 96da6a90b06a1727b5717f38327237dd83cc5c24
- SHA256: 408c69a20306a7dfc4f0ba118071adcf2d6eb1aa5fec5ba81ccc94651d09a71f
- SHA512: e01d24bbfc61b7651635ce7d8421e3d1dbfeb43c2eb735a63fb4902dccee84f982d07c5d4135bb248dbc6dc00bb657f22ac819535af5804656389aeff5589233
- SSDEEP: 49152:b+61p+twbaarsEEfjn8VtLh5eMipbguoK:D1p+tw2arsEkj8Dt0tbg1
Malware Config
Signatures
- CustAttr .NET packer (1 IoCs): Detects CustAttr .NET packer in memory.
  resource: behavioral2/memory/4612-7-0x0000000005D20000-0x0000000005D32000-memory.dmp, yara_rule: CustAttr
- Enumerates physical storage devices (1 TTPs): Attempts to interact with connected storage/optical drive(s).
- Creates scheduled task(s) (1 TTPs, 1 IoCs): Schtasks is often used by malware for persistence or to perform post-infection execution.
  pid: 4728, Process: schtasks.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe "C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe"1⤵ PID:4612
- C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe "C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe"2⤵ PID:3824
- C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe "C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe"2⤵ PID:1052
- C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe "C:\Users\Admin\AppData\Local\Temp\7e324097717d9a6469df3299fe36a286.exe"2⤵ PID:4800
- C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\vGaNzCYODXh" /XML "C:\Users\Admin\AppData\Local\Temp\tmpC9D.tmp"2⤵ PID:4728 (Creates scheduled task(s))
- C:\Users\Admin\AppData\Local\Temp\bTCWSzyL4BHAfY0.exe "C:\Users\Admin\AppData\Local\Temp\bTCWSzyL4BHAfY0.exe" 01⤵ PID:2520
- C:\Users\Admin\AppData\Local\Temp\bTCWSzyL4BHAfY0.exe "C:\Users\Admin\AppData\Local\Temp\bTCWSzyL4BHAfY0.exe"2⤵ PID:1592
- C:\Users\Admin\AppData\Local\Temp\le8b4NfcU6ohlX4.exe "C:\Users\Admin\AppData\Local\Temp\le8b4NfcU6ohlX4.exe" 01⤵ PID:3588
- C:\Users\Admin\AppData\Local\Temp\le8b4NfcU6ohlX4.exe "C:\Users\Admin\AppData\Local\Temp\le8b4NfcU6ohlX4.exe"2⤵ PID:5072