d0b67874490ccd260c04ea0a755e181c75a3af4eddec819482c2dc5650f43edb

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 09:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4350140920395165681c74d0f4a85ad9.exe
Size

48KB
MD5

4350140920395165681c74d0f4a85ad9
SHA1

688f668850695163245b97de05eacf63e0d47c61
SHA256

d0b67874490ccd260c04ea0a755e181c75a3af4eddec819482c2dc5650f43edb
SHA512

2f7339f6a5a5a1bdeb33e042f722056d3f5e0d6e63618df48c0e6b252265e3dbef0b70d4e479803098042f172bdffeb0c2c1e34903d8fd4946786d9228656a41
SSDEEP

768:EyW1yBtObv0U/xwPp0EoooiYECG2nZF5sZVcmxG:24Bobv7aB0EooYEC3rUVcYG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	zbhnd.exe

Loads dropped DLL 1 IoCs

pid	Process
2436	4350140920395165681c74d0f4a85ad9.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 2796	2436	4350140920395165681c74d0f4a85ad9.exe	28
PID 2436 wrote to memory of 2796	2436	4350140920395165681c74d0f4a85ad9.exe	28
PID 2436 wrote to memory of 2796	2436	4350140920395165681c74d0f4a85ad9.exe	28
PID 2436 wrote to memory of 2796	2436	4350140920395165681c74d0f4a85ad9.exe	28

C:\Users\Admin\AppData\Local\Temp\4350140920395165681c74d0f4a85ad9.exe
"C:\Users\Admin\AppData\Local\Temp\4350140920395165681c74d0f4a85ad9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Users\Admin\AppData\Local\Temp\zbhnd.exe
  "C:\Users\Admin\AppData\Local\Temp\zbhnd.exe"
  2⤵
  - Executes dropped EXE
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\zbhnd.exe

Filesize
48KB

MD5
226d186830602724ca1d44db2c0ef354

SHA1
afbea430568c0ce92862312a1a463ef89c0fe9fc

SHA256
db33bbae320bebbb168e2e72b24bb35b88c027bcfe58b317b5664ff751ee7c47

SHA512
3008144c8a42ee67c9bb49c29bcfafc35c331699d1aa208f2954426fe28ff91151fa89db6ce7a370093732137de341328a24f1e38359cef5fbaf86cbdb830bd4

Download Submit
memory/2436-0-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2436-2-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download
memory/2796-10-0x0000000000400000-0x0000000000409000-memory.dmp

Filesize
36KB

Download