Analysis
max time kernel: 56s
max time network: 151s
platform: windows7_x64
resource: win7-20231215-en
resource tags: arch:x64 arch:x86 image:win7-20231215-en locale:en-us os:windows7-x64 system
submitted: 03-01-2024 15:43
Behavioral task: behavioral1
Sample: 899f72d4ef7b108e5118d9ab16ea65b6.exe
Resource: win7-20231215-en
General
Target: 899f72d4ef7b108e5118d9ab16ea65b6.exe
Size: 327KB
MD5: 899f72d4ef7b108e5118d9ab16ea65b6
SHA1: 18aa2ec23b4a9f59492e1f621a304938d7cdad3b
SHA256: 8a0bf83aff94875877e5323bb1ba2ab81f531583f3e7026c031166de9c905e0d
SHA512: 98727e0e493010de0720ee7d7e9ab266066581fa54950f72af58ab04f90fabaf41b2f1a8057bbbab5c40879b614ba2a1d968c26f1f33c522b313dbf69a95fe37
SSDEEP: 6144:onOAG5ldEQdPd/2oSQbQFsrF1W/h84IrV7mMpH8zQW4jQw+kN:o/G5ldDPUoSiQi4kVdcQzjD
Malware Config
Extracted family: urelas
C2 addresses:
1.234.83.146
133.242.129.155
218.54.31.226
218.54.31.165
Signatures
UPX packed file (yara_rule hits, resource / rule):
behavioral1/memory/2764-0-0x0000000000400000-0x00000000004BE000-memory.dmp  upx
behavioral1/files/0x000300000000b1f7-6.dat  upx
behavioral1/memory/2548-16-0x0000000000400000-0x00000000004BE000-memory.dmp  upx
behavioral1/memory/2764-18-0x0000000000400000-0x00000000004BE000-memory.dmp  upx
behavioral1/files/0x000300000000b1f7-4.dat  upx
behavioral1/memory/2548-21-0x0000000000400000-0x00000000004BE000-memory.dmp  upx
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Processes
Level 1: C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\899f72d4ef7b108e5118d9ab16ea65b6.exe"
  PID: 2764
  Level 2: C:\Windows\SysWOW64\cmd.exe
    Command line: cmd /c ""C:\Users\Admin\AppData\Local\Temp\_uinsey.bat" "
    PID: 1996
  Level 2: C:\Users\Admin\AppData\Local\Temp\ruvoy.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\ruvoy.exe"
    PID: 2548
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 276B
MD5: 8d8fc047abdf92696bded5bf8061c7b0
SHA1: 6d2ee7bae973d23953a3fec32adf77d7befa7b5b
SHA256: 10fcf20a24a156be72087a9d676d0ffa09ee6b68af7f337a435c54122520448c
SHA512: 8a421dc0e8c04bfc7f382eaae979be06d9d49feda9b15ad8f40953ca704b4654db7f7d0e0f44245bd6453a15bb31c3a405c5269d12414b07200f6a3decbea918

Filesize: 512B
MD5: 43ba6a32a98bf39e25662ef039a05808
SHA1: 0ae2f3b33c97ff0bc5d6aaab19d2c41515865354
SHA256: 76aead7623518aa5db27d0401f98509249c8fc9eb5c6411154d48fca67c315c4
SHA512: 0f5479421acf3f13e4b4e5193ea7d788caf214f5a1093da55570108a723caad45600184c24f90fe5a84a515211a127b0f3905aa0e7cc71009a77f43eada16b8c

Filesize: 1KB
MD5: 8d27c88ed07be40359061124b96c11cf
SHA1: 4f6f92359168fea701762ac4c9798cfbde96766f
SHA256: 6af9c00109978e01767c1e0565bcd94432867eda0bb6a250ac7f646a7dd5459c
SHA512: 24f13635433340c363800c4f144ce34d08b88ae704dc25e533de44afa736a4aaac153f1ba59b07fd7d4aa50e4b89add0781319b7ef746d1611ac8f7af5690b6c

Filesize: 2KB
MD5: d8db2052f0c6fa4352d6d34ba12938cb
SHA1: e89d1159441d318bcc75308cc4bf066a8efad7d1
SHA256: 965c320cb91adfe52cc65d684f6a3b970147bf8d3e87d3fb06accefd5d9a94fa
SHA512: e8d1a68de5564986534f1bad3a4bcfbb4ba2a57158ac282f8a34135bae3f8185e2e5f598c3a29e4603613c90f1880a5fdf3d2674f1069dce98088006c5646333