428af3a8f62e4582eb3a29364deea809baba4389ff00629c16285bf263f623c4

Analysis

max time kernel
161s
max time network
165s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06/01/2024, 19:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

PIO/Vision_External.exe
Size

16.9MB
MD5

123aff079cacb45262fb1dd386565ef0
SHA1

7460881e0f66d3784d9139e695ef434263bce310
SHA256

814d3e3b618a2443784b214ac0d1e12684a3456fec4dbbe7bf34ea8115d9e86e
SHA512

913e5e0ea9b34f47e650a01dbb840fe8cb8c4a6060a907170572fb319eca843aa6dff80d015cb98a99d5f951b443540f54bedb7c2b2bd54ea8f707b28a0e56d7
SSDEEP

393216:Tmm5UUHhf5UWyu2zW5746cljiwSPnH9KoB95WDO4w:qY15cu2zW5M9hSPnHT

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1388	app.exe

Loads dropped DLL 2 IoCs

pid	Process
2612	Vision_External.exe
1388	app.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2612	Vision_External.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 1388	2612	Vision_External.exe	27
PID 2612 wrote to memory of 1388	2612	Vision_External.exe	27
PID 2612 wrote to memory of 1388	2612	Vision_External.exe	27

C:\Users\Admin\AppData\Local\Temp\PIO\Vision_External.exe
"C:\Users\Admin\AppData\Local\Temp\PIO\Vision_External.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\onefile_2612_133490440733414000\app.exe
  "C:\Users\Admin\AppData\Local\Temp\PIO\Vision_External.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2612_133490440733414000\app.exe

Filesize
1.5MB

MD5
0d4b4632f55ba693275d4d3d7c454a62

SHA1
4d94b65539ff228d32b141fbe7ea0e4b05732f27

SHA256
e357baf635d1a0ec11b8911ad46848eea3dd5aca3fd1f34d4852f252c3d60144

SHA512
4a3c1e197b3ab51555b405f4c654b6b3f8afeaf9d0e06edcfd99b08627bfbf9fcb637456e88337e019713e96b2721e8cca3dedbfe580cc2732189784ace70d95

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2612_133490440733414000\python39.dll

Filesize
1.6MB

MD5
732594fc79c2b0ba008615d26780c53b

SHA1
e6fe4b92e281084a06f84a2e9fb0425cd38f6d63

SHA256
8b72848908ec00238b2a593fe334c7c59a2608311056a040e9b911fe7848812f

SHA512
a7092a039136d39f8c12bfd8566c06be169d2b8fac19ba1f8f77eb382252fcc141956a2b813beae049f50b69451df63363c02427f1e2d10b316c11ebe8604bc5

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2612_133490440733414000\app.exe

Filesize
1.8MB

MD5
d511215d83443275458b56a542aaf4a6

SHA1
f1f9d458a1378d0fc00ef9bc70c29208f4f491e9

SHA256
b3445dbb496cf52a9ee6399a46ada2f07d2ed0aa39b844ec37149150a1ad6d87

SHA512
2353146342a76795a6eac5a09ebaa8e9e28d0c6f7695b144fc1420a5f4b1d6306655a780f4c7555b2440a44dd794a2f84ed80801e0586dccae328f5ad5f89820

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2612_133490440733414000\python39.dll

Filesize
3.3MB

MD5
6a483056a5ec50c520a3d59611d8e5d2

SHA1
356cf1ac53daffae78e665c333e5bfae0d9e7c89

SHA256
de542ef5827dfd820f8f424e3c6a551f33ca8fa40fbb5646dae3172d53eedc27

SHA512
c51f674c6db921396a5d74ab266862e2a10bffcdb19054dcc9ef6f7698a8d51683dd430e210ef8b3d2a0c5f4921eb260048b02346eb725c38607cd3246e189fa

Download Submit
memory/2612-18-0x0000000076FF0000-0x0000000076FF2000-memory.dmp

Filesize
8KB

Download
memory/2612-27-0x0000000077000000-0x0000000077002000-memory.dmp

Filesize
8KB

Download
memory/2612-10-0x0000000076FD0000-0x0000000076FD2000-memory.dmp

Filesize
8KB

Download
memory/2612-12-0x000000013FE50000-0x0000000141DCD000-memory.dmp

Filesize
31.5MB

Download
memory/2612-11-0x0000000076FE0000-0x0000000076FE2000-memory.dmp

Filesize
8KB

Download
memory/2612-15-0x0000000076E10000-0x0000000076FB9000-memory.dmp

Filesize
1.7MB

Download
memory/2612-14-0x0000000076FE0000-0x0000000076FE2000-memory.dmp

Filesize
8KB

Download
memory/2612-17-0x0000000076FE0000-0x0000000076FE2000-memory.dmp

Filesize
8KB

Download
memory/2612-22-0x0000000076FF0000-0x0000000076FF2000-memory.dmp

Filesize
8KB

Download
memory/2612-20-0x0000000076FF0000-0x0000000076FF2000-memory.dmp

Filesize
8KB

Download
memory/2612-0-0x0000000076FC0000-0x0000000076FC2000-memory.dmp

Filesize
8KB

Download
memory/2612-23-0x0000000077000000-0x0000000077002000-memory.dmp

Filesize
8KB

Download
memory/2612-30-0x000007FEFCDB0000-0x000007FEFCDB2000-memory.dmp

Filesize
8KB

Download
memory/2612-8-0x0000000076FD0000-0x0000000076FD2000-memory.dmp

Filesize
8KB

Download
memory/2612-25-0x0000000077000000-0x0000000077002000-memory.dmp

Filesize
8KB

Download
memory/2612-32-0x000007FEFCDB0000-0x000007FEFCDB2000-memory.dmp

Filesize
8KB

Download
memory/2612-35-0x000007FEFCDC0000-0x000007FEFCDC2000-memory.dmp

Filesize
8KB

Download
memory/2612-37-0x000007FEFCDC0000-0x000007FEFCDC2000-memory.dmp

Filesize
8KB

Download
memory/2612-5-0x000000013FE50000-0x0000000141DCD000-memory.dmp

Filesize
31.5MB

Download
memory/2612-6-0x0000000076FD0000-0x0000000076FD2000-memory.dmp

Filesize
8KB

Download
memory/2612-4-0x0000000076FC0000-0x0000000076FC2000-memory.dmp

Filesize
8KB

Download
memory/2612-2-0x0000000076FC0000-0x0000000076FC2000-memory.dmp

Filesize
8KB

Download
memory/2612-81-0x000000013FE50000-0x0000000141DCD000-memory.dmp

Filesize
31.5MB

Download
memory/2612-82-0x0000000076E10000-0x0000000076FB9000-memory.dmp

Filesize
1.7MB

Download
memory/2612-117-0x0000000076E10000-0x0000000076FB9000-memory.dmp

Filesize
1.7MB

Download
memory/2612-118-0x000000013FE50000-0x0000000141DCD000-memory.dmp

Filesize
31.5MB

Download