feb58133510297f098e0da758df1e76b43166a12be82e6fc033b227de739d315

Analysis

max time kernel
168s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 14:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

411c0dac755c75716225dc491f202da0.exe
Size

841KB
MD5

411c0dac755c75716225dc491f202da0
SHA1

7c315b9956a7830b1309afc7aa546851757ceb59
SHA256

feb58133510297f098e0da758df1e76b43166a12be82e6fc033b227de739d315
SHA512

6031e562f31a058ca8fc33a0288a796b93d1cf590a92cd121b8edb859ecc330ab131b62c76f1665b5b3f15c39693a8644d496d6c76d8c30aab1e2819858ba033
SSDEEP

24576:goKPe7+9c1zVF6EvkCS05iQksiQrGR0ST:goKPENBVMEv9D5zxrGRb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2852	INS14BC.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 2852	3480	411c0dac755c75716225dc491f202da0.exe	44
PID 3480 wrote to memory of 2852	3480	411c0dac755c75716225dc491f202da0.exe	44
PID 3480 wrote to memory of 2852	3480	411c0dac755c75716225dc491f202da0.exe	44

C:\Users\Admin\AppData\Local\Temp\411c0dac755c75716225dc491f202da0.exe
"C:\Users\Admin\AppData\Local\Temp\411c0dac755c75716225dc491f202da0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Users\Admin\AppData\Local\Temp\INS14BC.tmp
  C:\Users\Admin\AppData\Local\Temp\INS14BC.tmp /SL3 $601D6 C:\Users\Admin\AppData\Local\Temp\411c0dac755c75716225dc491f202da0.exe 846233 849576 61440
  2⤵
  - Executes dropped EXE
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2852-4-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/2852-9-0x0000000000400000-0x000000000046B000-memory.dmp

Filesize
428KB

Download
memory/2852-12-0x00000000020B0000-0x00000000020B1000-memory.dmp

Filesize
4KB

Download
memory/3480-8-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download