469c488ac32fedd2ddd120b0f9a8eba6d3d9042d0ffc360f4877565ff7f50917

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
05/01/2024, 13:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

43cb67b8dfbf8b5617dcf9c6798a6fba.exe
Size

199KB
MD5

43cb67b8dfbf8b5617dcf9c6798a6fba
SHA1

34fdc90bcda09b8b2f928147b2f8b66b68af0715
SHA256

469c488ac32fedd2ddd120b0f9a8eba6d3d9042d0ffc360f4877565ff7f50917
SHA512

a62c01c350df9ed81c78fdd0c08df2c60778d5e37595bd96016906619fa5edd17798a372d2e3527f3cec22d1d599eb9fabcbb627ff89f814e5c584551ea15767
SSDEEP

3072:zqL/trguWkyHCRA6Yeo3TnLUHFU6yoSF0jabLp5+WHpiojcwrETpN7dSuMHCsMnV:zZuzPieojnLUO6a2OioYNNIuMokm

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3052	Crypted_CryptorDarkApp.exe

Loads dropped DLL 2 IoCs

pid	Process
2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe
2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2128 wrote to memory of 3052	2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe	28
PID 2128 wrote to memory of 3052	2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe	28
PID 2128 wrote to memory of 3052	2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe	28
PID 2128 wrote to memory of 3052	2128	43cb67b8dfbf8b5617dcf9c6798a6fba.exe	28

C:\Users\Admin\AppData\Local\Temp\43cb67b8dfbf8b5617dcf9c6798a6fba.exe
"C:\Users\Admin\AppData\Local\Temp\43cb67b8dfbf8b5617dcf9c6798a6fba.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2128
- C:\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe
  "C:\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe"
  2⤵
  - Executes dropped EXE
  PID:3052

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe

Filesize
14KB

MD5
aceaf768f1ab9bfbd1baab7bb641306b

SHA1
a88a36921bde54ba55a66f14c472e4976281d136

SHA256
1e82a5caf1eb92aa6cfc0059eebed3e8ecb1552f98dc7c7d639586b7d4431494

SHA512
79ab612046f9455ae7a8d2865e948c2cade4c4fe737aa8a4676180e015f988b1a4b770a8161ac0a2d08197ff4b6aa94a21ef82724f7985a7f210a34193908459

Download Submit
C:\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe

Filesize
3KB

MD5
02ad88ac0407e7ad379e3c1342c1e03c

SHA1
677bbd051fc0043b4bebae7cd96b04d33e384011

SHA256
d618c563e751d970c58c47fb3b4f3c268b5063414fdd3c436487881ed3bb7596

SHA512
11ab87c94919b5e2b3abe8dabc20ba72ebff9d54b87d3c1b1e0fce8d1495b91f900317b38132be2353bb89ea50937da54a7343b4b6e744c24fc1affac66b4b37

Download Submit
C:\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe

Filesize
18KB

MD5
b1bef35f21bf660578feca1cbd82a833

SHA1
eaa396acd6115c6e696711b152637e9ac9fb658f

SHA256
3d33fb07b8c00157708199c1a18162975b4557bd74cb003f47bd8d0bce472e2a

SHA512
1f478c59209cc7254051a87074d116de4a148f05bab5855b2f850b1f94443a8f9f15209f47a4832ce9db31504b4591ee94fbf9924eb9de4614635c5152b80260

Download Submit
\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe

Filesize
12KB

MD5
1f18ce72b282dd2492071dd862d1af20

SHA1
65dd24db29c275ba25dbced085ab3f4c563cf779

SHA256
c059268120b751dbc1179639c5b7747a46f6510884eb346c8af20ab1b55fe6e6

SHA512
a588629c417799af75be618d72f17d4ffbc47c60000a34a1a7fb808d12ebedbc6335872e73f645676a15989fcc30ec3ee9308f05e4d54cf9c4780d85004b9707

Download Submit
\Users\Admin\AppData\Local\Crypted_CryptorDarkApp.exe

Filesize
29KB

MD5
1ce9348bf4b9a04c4afb6e1f22654558

SHA1
4d2456004083e1073a02c92345dfa2d9e936a08b

SHA256
8d6126e5b9c0cdab50a9636b34042a07d26d868336072f4bd317e8375ffdd60e

SHA512
7e59343094821eed59483bf7aea6539125481083baf6a5509b41f83e230bbf0e806ee87b57bcf9fc964e9593f8e256f2d1e90c9039de9ad8b4d8f2fc6ba2d246

Download Submit
memory/2128-2-0x00000000049D0000-0x0000000004A10000-memory.dmp

Filesize
256KB

Download
memory/2128-13-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download
memory/2128-1-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download
memory/2128-0-0x0000000000170000-0x00000000001A8000-memory.dmp

Filesize
224KB

Download
memory/3052-15-0x0000000000EB0000-0x0000000000EC6000-memory.dmp

Filesize
88KB

Download
memory/3052-14-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download
memory/3052-16-0x0000000004340000-0x0000000004380000-memory.dmp

Filesize
256KB

Download
memory/3052-17-0x0000000004340000-0x0000000004380000-memory.dmp

Filesize
256KB

Download
memory/3052-18-0x0000000074810000-0x0000000074EFE000-memory.dmp

Filesize
6.9MB

Download
memory/3052-19-0x0000000004340000-0x0000000004380000-memory.dmp

Filesize
256KB

Download