01a3b20af7b00309c071206345e8c3344e1df8288b2e65f09f0a73a10f9acf20

Analysis

max time kernel
149s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
02/01/2024, 16:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3e845b05b4a0d6fb270899ba6498c702.exe
Size

49KB
MD5

3e845b05b4a0d6fb270899ba6498c702
SHA1

2a07cec85a1247c0e641edd33df67f553e369d34
SHA256

01a3b20af7b00309c071206345e8c3344e1df8288b2e65f09f0a73a10f9acf20
SHA512

0a2e7aacaf2d0a73fcbd1a36edba452d8df982475b04597ad25aef9b3f01f223a1e82a114aff82840a983db78d4cfe6c6042c0cbf3d7bdae529dbf0bab3b06a9
SSDEEP

768:EyW1yBtObv0U/xwPp0EoooiYECG2nZF5sZVcmxMbz:24Bobv7aB0EooYEC3rUVcY8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2368	zbhnd.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	3e845b05b4a0d6fb270899ba6498c702.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2168 wrote to memory of 2368	2168	3e845b05b4a0d6fb270899ba6498c702.exe	28
PID 2168 wrote to memory of 2368	2168	3e845b05b4a0d6fb270899ba6498c702.exe	28
PID 2168 wrote to memory of 2368	2168	3e845b05b4a0d6fb270899ba6498c702.exe	28
PID 2168 wrote to memory of 2368	2168	3e845b05b4a0d6fb270899ba6498c702.exe	28

C:\Users\Admin\AppData\Local\Temp\3e845b05b4a0d6fb270899ba6498c702.exe
"C:\Users\Admin\AppData\Local\Temp\3e845b05b4a0d6fb270899ba6498c702.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2168
- C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
  "C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"
  2⤵
  - Executes dropped EXE
  PID:2368

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\zbhnd.exe

Filesize
49KB

MD5
5e54206e82618a9c85c7bcc58baf2fba

SHA1
c2955d3f73256128098b5ee6b57d7dd3f979fa31

SHA256
75289c2af1d69dff0bf0e154ff667de05643ab0ff265ef77077f3925e550bcd7

SHA512
b270109e801f6ece04160e31b4759b2cf50598d0ec7bc30a378fd1fa5425f8d5b61315e13d56b952ce5a95c5ee72067c279f5655755af9c271e9744a27e4cde6

Download Submit
memory/2168-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2168-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2168-9-0x0000000000530000-0x0000000000539000-memory.dmp

Filesize
36KB

Download
memory/2368-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2368-12-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download