454684e77418be0de8c2dc5080b703e5a3ee08252523b17f125f86669e3c541a

Analysis

max time kernel
148s
max time network
152s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 07:05

Target

403599026e72e68aceab3d573c82c8bc.exe
Size

61KB
MD5

403599026e72e68aceab3d573c82c8bc
SHA1

571b7ecb2b805ff4f5096183a5f79f101ff982ce
SHA256

454684e77418be0de8c2dc5080b703e5a3ee08252523b17f125f86669e3c541a
SHA512

287cacf3fd319b8b5323a9cf34b165982058df34c3b8da58c77a37189097206463958ba13e48cf88e3cde28964b2247499900c23cdd4fe113cf7b50cf0fe5504
SSDEEP

1536:jQ3UNB1up06ksNowiRY3/WE7RNJuZxb66JIj7m/4p:jQ62p0DWoXW3/WE7Md66JIXm/4p

Score

7^/10

Executes dropped EXE 3 IoCs

Loads dropped DLL 10 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2716	1160	WerFault.exe	28

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2828	search.exe

Suspicious use of WriteProcessMemory 20 IoCs

description	pid	Process	procid_target
PID 808 wrote to memory of 1160	808	403599026e72e68aceab3d573c82c8bc.exe	28
PID 808 wrote to memory of 1160	808	403599026e72e68aceab3d573c82c8bc.exe	28
PID 808 wrote to memory of 1160	808	403599026e72e68aceab3d573c82c8bc.exe	28
PID 808 wrote to memory of 1160	808	403599026e72e68aceab3d573c82c8bc.exe	28
PID 808 wrote to memory of 2828	808	403599026e72e68aceab3d573c82c8bc.exe	30
PID 808 wrote to memory of 2828	808	403599026e72e68aceab3d573c82c8bc.exe	30
PID 808 wrote to memory of 2828	808	403599026e72e68aceab3d573c82c8bc.exe	30
PID 808 wrote to memory of 2828	808	403599026e72e68aceab3d573c82c8bc.exe	30
PID 1160 wrote to memory of 2716	1160	loader.exe	29
PID 1160 wrote to memory of 2716	1160	loader.exe	29
PID 1160 wrote to memory of 2716	1160	loader.exe	29
PID 1160 wrote to memory of 2716	1160	loader.exe	29
PID 2828 wrote to memory of 2036	2828	search.exe	35
PID 2828 wrote to memory of 2036	2828	search.exe	35
PID 2828 wrote to memory of 2036	2828	search.exe	35
PID 2828 wrote to memory of 2036	2828	search.exe	35
PID 2828 wrote to memory of 2232	2828	search.exe	36
PID 2828 wrote to memory of 2232	2828	search.exe	36
PID 2828 wrote to memory of 2232	2828	search.exe	36
PID 2828 wrote to memory of 2232	2828	search.exe	36

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\loader.exe

Filesize
13KB

MD5
0ecd7860a2a53a0865ea11558315e3ce

SHA1
7a70573abfea1a31beb822478c2dac0932799b48

SHA256
8b8ab33cbb963aaf6eca78d50fd2b84b62a2a9ede8c5acd007bca7c85c8aade2

SHA512
7b52dd18d1b9b107bfdaab116ed752abc675ff63f63991cfa0cfa0db04238afbddc18b8acfbddf5f072a89d9e0a0d51c94fb5818a1755a42a113284e0af30a57

Download Submit
\Users\Admin\AppData\Local\Temp\search.exe

Filesize
72KB

MD5
7c96e667e91592ec3ca1fb457480ac12

SHA1
dad4a17691cb8b57e05e7a06fe396809737606d6

SHA256
256e84c0463d5e40d5a4bbeadeab7b785089100a5ab02203c0668a8cb142ef5f

SHA512
cc7644eb668d03ca6b68d5dceb8bf74edf08b5c53258b4b67898c36b8764e94b421bb37f4126e3355435b691063d4d59029666472e66423b5bd727105e399eab

Download Submit