Analysis
max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags
arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
submitted
08/01/2024, 04:13
Static task
static1
Behavioral task
behavioral1
Sample
4a68e03ee1cfc5f1286cb5df49daba14.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
4a68e03ee1cfc5f1286cb5df49daba14.exe
Resource
win10v2004-20231215-en
General
Target
4a68e03ee1cfc5f1286cb5df49daba14.exe
Size
1.4MB
MD5
4a68e03ee1cfc5f1286cb5df49daba14
SHA1
3f36dec45c66c6dd2aef63d7c12e3d4627e44888
SHA256
16e5226713f696f2349a47666206a0ccf5b2e55c68a9523941a35d6ad0e7ac3c
SHA512
1ba2bdbf0c96de5701d95be3325b066921ece002a305b21701983d6445f9934b1379d6247a4b2d5add4f493ed33e91d2bb11bfe1a40f67e2dab11c33f8da38da
SSDEEP
24576:2YTbnsTIccZdCBV+pFtL2b+mdusgTk5BUw191rLr0ajI1t17V6I0Twt:LsTIbdCPbbiCz177I1t1IICg
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid   Process
2264  4a68e03ee1cfc5f1286cb5df49daba14.exe
Loads dropped DLL (3 IoCs)
pid   Process
2264  4a68e03ee1cfc5f1286cb5df49daba14.exe
2264  4a68e03ee1cfc5f1286cb5df49daba14.exe
2264  4a68e03ee1cfc5f1286cb5df49daba14.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
description                       pid   Process                               procid_target
PID 2856 wrote to memory of 2264  2856  4a68e03ee1cfc5f1286cb5df49daba14.exe  91
PID 2856 wrote to memory of 2264  2856  4a68e03ee1cfc5f1286cb5df49daba14.exe  91
PID 2856 wrote to memory of 2264  2856  4a68e03ee1cfc5f1286cb5df49daba14.exe  91
Processes
1. C:\Users\Admin\AppData\Local\Temp\4a68e03ee1cfc5f1286cb5df49daba14.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\4a68e03ee1cfc5f1286cb5df49daba14.exe"
   - Suspicious use of WriteProcessMemory
   PID: 2856
   2. C:\Users\Admin\AppData\Local\Temp\ijtmp_BE115195-099D-4329-A71E-F039431F75F1\4a68e03ee1cfc5f1286cb5df49daba14.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\ijtmp_BE115195-099D-4329-A71E-F039431F75F1\4a68e03ee1cfc5f1286cb5df49daba14.exe
      - Executes dropped EXE
      - Loads dropped DLL
      PID: 2264
Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Temp\ijtmp_BE115195-099D-4329-A71E-F039431F75F1\4a68e03ee1cfc5f1286cb5df49daba14.exe
Filesize
93KB
MD5
9edf3cdd1bbaf1a3a9704125635ef92c
SHA1
93c0f6ac5b667dfd69962b7fc68c181169b53840
SHA256
5a35359cb2ebf1742f11ec3dbce3e46f8799dd1a360c44444dc7da706d185a4a
SHA512
5f0591751dab3ec8c3cbf56080635c92df0828c962f4c7286675cdc6fe46027b0b779badf745c45ad432fe0acc6c3f250ae1d54c0ecde71124ef8b470e471e95

C:\Users\Admin\AppData\Local\Temp\ijtmp_BE115195-099D-4329-A71E-F039431F75F1\4a68e03ee1cfc5f1286cb5df49daba14.exe
Filesize
384KB
MD5
412ade4fdc82b45e73b2ed2f3a834ae2
SHA1
b3d099ddaafa44e22b695ff5c205c299508e7a8b
SHA256
e397f17ee06dadc2fc10e8e1f2cea5750b254d030ca15e6f608b47d59ac42e30
SHA512
3f892e52f38078abbde5a0bd30470839923f8c4b115d50fe622b6e77ad47c3ccca260412eb5abc872902ab3f73a29e29894aaa9ca4c631c5e595b4f3d3046bda

Filesize
56KB
MD5
5c9bdfd0977db0bb36c968045d95051b
SHA1
7b8a733ff048f17508a5a93cc95e4fc777be13f8
SHA256
6d6461d5b3cb5dd1f07611f2bb36766ad414d3883ad92c6bb3d8817f3f06c0bc
SHA512
fb3f3a7cd1bd7e3930cf4682c13103846561345023a9e9c750cebfd30f5a0a0abd19fffa78a0184a74e9d274be91bb7fffc662210411d6c42d78db8bcebee0bd