Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    08/01/2024, 03:40

General

  • Target

    4a576229508cc4de24c7d206662a50ec.exe

  • Size

    107KB

  • MD5

    4a576229508cc4de24c7d206662a50ec

  • SHA1

    cd6304a914720f473c9a87f20e2062805e26e614

  • SHA256

    d511989fa3f11bf8e3516fd48be81a6bd50359dce2a3677945d5f90b17776895

  • SHA512

    3f952e6bb83bd4077d9e0affe6df25ec0928ecbcd906bc90a178a61904ef16bc1128961f27dde4b40028fe9661a85cd6c423c8d3033404134f9adb8b3ab77dbd

  • SSDEEP

    3072:eVGJwcYEQn1VeCjRjgPijntfnCfJ2u4CyiHsi2f:b1Yzn5jxgIntfnCR2u4GNG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4a576229508cc4de24c7d206662a50ec.exe
    "C:\Users\Admin\AppData\Local\Temp\4a576229508cc4de24c7d206662a50ec.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Users\Admin\AppData\Local\Temp\8aff65ff.exe
      "C:\Users\Admin\AppData\Local\Temp\8aff65ff.exe"
      2⤵
      • Executes dropped EXE
      PID:2328

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/1732-0-0x0000000000400000-0x0000000000409000-memory.dmp

          Filesize

          36KB