53007b67065537cfa7070613d7553cf5c2d161e2d85bfd741f9d6c24c94b566a

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
08/01/2024, 10:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4b32469204ae8d51c8561d4e0e2d3f06.exe
Size

213KB
MD5

4b32469204ae8d51c8561d4e0e2d3f06
SHA1

021697e43091dd8e69f0fe03900ee30e649a0c74
SHA256

53007b67065537cfa7070613d7553cf5c2d161e2d85bfd741f9d6c24c94b566a
SHA512

d11a2be1a63e32a8b7a0d7af1c797a3999959212aaccab4f5cbabab24ff3d18d9ffe885de635d39663114e6c1917713105389b3be26777925d6827491587f05e
SSDEEP

3072:AfP+miCL5fWqeKuIwxLBqbSeUJIj4tWVAHZux6fKQJ:8PECL5+/KunEGeSxtuwnfX

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2668	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29
PID 2336 wrote to memory of 2668	2336	4b32469204ae8d51c8561d4e0e2d3f06.exe	29

C:\Users\Admin\AppData\Local\Temp\4b32469204ae8d51c8561d4e0e2d3f06.exe
"C:\Users\Admin\AppData\Local\Temp\4b32469204ae8d51c8561d4e0e2d3f06.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Mrj..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Mrj..bat

Filesize
210B

MD5
7a7117d651e673e046474bb9b5aa9a3e

SHA1
ff839cc86acc0862d5dd852e843cba168f117eb5

SHA256
c3943b1241de563fb9818e64082e028339338f54fa41813c08d344c03a28c5ab

SHA512
973516393ee64a3c0459d842ff0c21d44a1f68ccde84a37ab482250ed4fc5b74a36c76062d1750d3adaad41ed3da4be5ecaba3195eb3078103889b6b3a6408ad

Download Submit
memory/2336-1-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download
memory/2336-0-0x00000000003E0000-0x00000000003ED000-memory.dmp

Filesize
52KB

Download
memory/2336-3-0x0000000000400000-0x000000000043D000-memory.dmp

Filesize
244KB

Download