Analysis
-
max time kernel
142s -
max time network
126s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system -
submitted
08/01/2024, 04:13
Static task
static1
Behavioral task
behavioral1
Sample
4a68e03ee1cfc5f1286cb5df49daba14.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a68e03ee1cfc5f1286cb5df49daba14.exe
Resource
win10v2004-20231215-en
General
-
Target
4a68e03ee1cfc5f1286cb5df49daba14.exe
-
Size
1.4MB
-
MD5
4a68e03ee1cfc5f1286cb5df49daba14
-
SHA1
3f36dec45c66c6dd2aef63d7c12e3d4627e44888
-
SHA256
16e5226713f696f2349a47666206a0ccf5b2e55c68a9523941a35d6ad0e7ac3c
-
SHA512
1ba2bdbf0c96de5701d95be3325b066921ece002a305b21701983d6445f9934b1379d6247a4b2d5add4f493ed33e91d2bb11bfe1a40f67e2dab11c33f8da38da
-
SSDEEP
24576:2YTbnsTIccZdCBV+pFtL2b+mdusgTk5BUw191rLr0ajI1t17V6I0Twt:LsTIbdCPbbiCz177I1t1IICg
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
-
Loads dropped DLL 6 IoCs
pid | Process
1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
2128 | 4a68e03ee1cfc5f1286cb5df49daba14.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 7 IoCs
description | pid | Process | procid_target
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
PID 1980 wrote to memory of 2128 | 1980 | 4a68e03ee1cfc5f1286cb5df49daba14.exe | 23
Processes
-
Process (depth 1): C:\Users\Admin\AppData\Local\Temp\4a68e03ee1cfc5f1286cb5df49daba14.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\4a68e03ee1cfc5f1286cb5df49daba14.exe"
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1980 -
Process (depth 2): C:\Users\Admin\AppData\Local\Temp\ijtmp_21706FB3-A78F-4255-8497-FDF3DA90123C\4a68e03ee1cfc5f1286cb5df49daba14.exe
Command line: C:\Users\Admin\AppData\Local\Temp\ijtmp_21706FB3-A78F-4255-8497-FDF3DA90123C\4a68e03ee1cfc5f1286cb5df49daba14.exe
- Executes dropped EXE
- Loads dropped DLL
PID:2128
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Temp\ijtmp_21706FB3-A78F-4255-8497-FDF3DA90123C\4a68e03ee1cfc5f1286cb5df49daba14.exe
Filesize
1.4MB
MD5
4a68e03ee1cfc5f1286cb5df49daba14
SHA1
3f36dec45c66c6dd2aef63d7c12e3d4627e44888
SHA256
16e5226713f696f2349a47666206a0ccf5b2e55c68a9523941a35d6ad0e7ac3c
SHA512
1ba2bdbf0c96de5701d95be3325b066921ece002a305b21701983d6445f9934b1379d6247a4b2d5add4f493ed33e91d2bb11bfe1a40f67e2dab11c33f8da38da
-
Filesize
412KB
MD5
19f53fb243ad97ee855e6ecf0d12cc39
SHA1
ef56ef5320c622571ae5db69a66e592f32077411
SHA256
d88c5401e55d66bf7b8c42650644567ff27b35c6178c197af9fea941c8820301
SHA512
94acf9b6b2cae0cc49717fb8c5e5808facd9eca4e7409d695337d16e997bcbbcb110741307f689505465b395cc1b9b945d1518470c44d048fe6ed31c62879935
-
Filesize
56KB
MD5
5c9bdfd0977db0bb36c968045d95051b
SHA1
7b8a733ff048f17508a5a93cc95e4fc777be13f8
SHA256
6d6461d5b3cb5dd1f07611f2bb36766ad414d3883ad92c6bb3d8817f3f06c0bc
SHA512
fb3f3a7cd1bd7e3930cf4682c13103846561345023a9e9c750cebfd30f5a0a0abd19fffa78a0184a74e9d274be91bb7fffc662210411d6c42d78db8bcebee0bd