05033b06e9cc88564dbbe672e3e3a38b20f14515d7c13038080d859ae7f2487f

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4a21d9ed83acbb728e7e7d3a942e4d2e.exe
Size

298KB
MD5

4a21d9ed83acbb728e7e7d3a942e4d2e
SHA1

522d11346150489df1be928cd4a78c1ecc90ac44
SHA256

05033b06e9cc88564dbbe672e3e3a38b20f14515d7c13038080d859ae7f2487f
SHA512

e4930d93f05a45159a0da3c741bf6e29054421498b2e6e7e5488feb1de3abf8d9dfcd33a0fa8509059273bf8cf0b3371594edb2891d5570a5c42bf0cd48a494a
SSDEEP

6144:3ag7DUcrcSP/2aNu126gic+X+Te0W5Qnrl:qgtrcSX2ut7+h0W5Qnx

Score

7^/10

Malware Config

Signatures

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\4a21d9ed83acbb728e7e7d3a942e4d2e.lnk	4a21d9ed83acbb728e7e7d3a942e4d2e.exe

Loads dropped DLL 1 IoCs

pid	Process
2296	4a21d9ed83acbb728e7e7d3a942e4d2e.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Tasks\Bidaily Synchronize Task.job	4a21d9ed83acbb728e7e7d3a942e4d2e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\4a21d9ed83acbb728e7e7d3a942e4d2e.exe
"C:\Users\Admin\AppData\Local\Temp\4a21d9ed83acbb728e7e7d3a942e4d2e.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Drops file in Windows directory
PID:2296

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2296-3-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2296-5-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2296-28-0x00000000009B0000-0x00000000009B1000-memory.dmp

Filesize
4KB

Download
memory/2296-27-0x0000000000200000-0x0000000000201000-memory.dmp

Filesize
4KB

Download
memory/2296-26-0x00000000008F0000-0x00000000008F1000-memory.dmp

Filesize
4KB

Download
memory/2296-24-0x0000000000820000-0x0000000000821000-memory.dmp

Filesize
4KB

Download
memory/2296-23-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/2296-22-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2296-21-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2296-20-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2296-19-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2296-18-0x0000000000180000-0x0000000000181000-memory.dmp

Filesize
4KB

Download
memory/2296-17-0x00000000001F0000-0x00000000001F1000-memory.dmp

Filesize
4KB

Download
memory/2296-14-0x00000000001E0000-0x00000000001E1000-memory.dmp

Filesize
4KB

Download
memory/2296-13-0x00000000001D0000-0x00000000001D1000-memory.dmp

Filesize
4KB

Download
memory/2296-12-0x0000000000170000-0x0000000000171000-memory.dmp

Filesize
4KB

Download
memory/2296-11-0x0000000000160000-0x0000000000161000-memory.dmp

Filesize
4KB

Download
memory/2296-10-0x0000000000150000-0x0000000000151000-memory.dmp

Filesize
4KB

Download
memory/2296-8-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2296-9-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/2296-7-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2296-1-0x00000000008C0000-0x00000000008EF000-memory.dmp

Filesize
188KB

Download
memory/2296-0-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2296-34-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download
memory/2296-35-0x0000000002130000-0x0000000002131000-memory.dmp

Filesize
4KB

Download