a023898d6468edacf13567cbc9eac4a39e4f8bf04e17b977073e8896009e4252

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 21:36

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

51ae93767f5d21b033b1f06b6397774f.exe
Size

77KB
MD5

51ae93767f5d21b033b1f06b6397774f
SHA1

59d2bae72f8eb039651abe0514c8d2345b64cf16
SHA256

a023898d6468edacf13567cbc9eac4a39e4f8bf04e17b977073e8896009e4252
SHA512

47153f72f32e83ea584caea494b98e8c8c24754dcc5719b5235b589d9b90731947b54d89c00b8e72e9dad4a32c01c9c07b06dc043fa466d1ca4696a7ab8d479a
SSDEEP

1536:xf4exGDkeZ4mOoSgJEAJJBmqoQPplpws/X9AJeOt:p4eYZ4+1JXJJBJDp5X9OeU

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3996	51ae93767f5d21b033b1f06b6397774f.exe
3996	51ae93767f5d21b033b1f06b6397774f.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe
File opened for modification	C:\PROGRA~1\INTERN~1\ieframe.dll	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3996 wrote to memory of 2852	3996	51ae93767f5d21b033b1f06b6397774f.exe	24
PID 3996 wrote to memory of 2852	3996	51ae93767f5d21b033b1f06b6397774f.exe	24
PID 3996 wrote to memory of 2852	3996	51ae93767f5d21b033b1f06b6397774f.exe	24

C:\Users\Admin\AppData\Local\Temp\51ae93767f5d21b033b1f06b6397774f.exe
"C:\Users\Admin\AppData\Local\Temp\51ae93767f5d21b033b1f06b6397774f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3996
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c copy C:\Users\Admin\AppData\Local\Temp\ife.txt "C:\PROGRA~1\INTERN~1\ieframe.dll" /a
  2⤵
  - Drops file in Program Files directory
  PID:2852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi4FA7.tmp\time.dll

Filesize
10KB

MD5
38977533750fe69979b2c2ac801f96e6

SHA1
74643c30cda909e649722ed0c7f267903558e92a

SHA256
b4a95a455e53372c59f91bc1b5fb9e5c8e4a10a506fa04aaf7be27048b30ae35

SHA512
e17069395ad4a17e24f7cd3c532670d40244bd5ae3887c82e3b2e4a68c250cd55e2d8b329d6ff0e2d758955ab7470534e6307779e49fe331c1fd2242ea73fd53

Download Submit