d50b4d6919837fd4c7464c0da47b077557c759fbd9e382eb62fb10e31a7e4206

Analysis

max time kernel
149s
max time network
153s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 22:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4cae28d69a06f350ae172eda6bbfa8d7.exe
Size

28KB
MD5

4cae28d69a06f350ae172eda6bbfa8d7
SHA1

54cc2e77741c92bfbc4bb6cc33cd54658e18d878
SHA256

d50b4d6919837fd4c7464c0da47b077557c759fbd9e382eb62fb10e31a7e4206
SHA512

686eb529f7b355280fd10a3793e225f37ddf4233a10c86bee232858ce7375ea5e6ba8dffda8fd8b3f24feac0b36ab09e247652994bacbdd380c175c5db29f454
SSDEEP

96:d7SqRLWXL7luHnnwR2Us2CYYFlYDhrcscGf0h4YsyZOOc1tA0Ap/j5GxRIA:dBRaonwR2FkQMdcseaeZC1tA5kIA

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3020	hummy.exe

Loads dropped DLL 2 IoCs

pid	Process
2368	4cae28d69a06f350ae172eda6bbfa8d7.exe
2368	4cae28d69a06f350ae172eda6bbfa8d7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 3020	2368	4cae28d69a06f350ae172eda6bbfa8d7.exe	28
PID 2368 wrote to memory of 3020	2368	4cae28d69a06f350ae172eda6bbfa8d7.exe	28
PID 2368 wrote to memory of 3020	2368	4cae28d69a06f350ae172eda6bbfa8d7.exe	28
PID 2368 wrote to memory of 3020	2368	4cae28d69a06f350ae172eda6bbfa8d7.exe	28

C:\Users\Admin\AppData\Local\Temp\4cae28d69a06f350ae172eda6bbfa8d7.exe
"C:\Users\Admin\AppData\Local\Temp\4cae28d69a06f350ae172eda6bbfa8d7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Temp\hummy.exe
  "C:\Users\Admin\AppData\Local\Temp\hummy.exe"
  2⤵
  - Executes dropped EXE
  PID:3020

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hummy.exe

Filesize
28KB

MD5
387fe64f91e4128097c3cf3a3d28b18c

SHA1
db75e4333e5757e61ac6ec58b684a95f63fe0d49

SHA256
070180e9ff9c495a16976e5f4f56cb9e124ef1e6ce4b00912d6a78def5969851

SHA512
cc83bd85f5fa5979d47ac6dcf296f0c04b4ac625afbc27948852cbd3b012edb31ca4d08af86bab7885be997164383f235a8a0322b393f8b8309cf3cda5d1bafa

Download Submit