f43f6f4654e332f423f1fbefffb0ea8c6312507793b30ef6901bf8240ff6790b

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10-01-2024 15:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50f4b40691daeb6239551a41cd71cd83.exe
Size

88KB
MD5

50f4b40691daeb6239551a41cd71cd83
SHA1

0011dbd33e1edbebf57428a480ea47702bbdba55
SHA256

f43f6f4654e332f423f1fbefffb0ea8c6312507793b30ef6901bf8240ff6790b
SHA512

65f9b2ff8ac1bd811dd04fb886f769a991bea3c283fa3c148e45b55234d60fb169f63957d9419aca2e54b765d1e6be9ab1194442674f03c7551c3f19c3f60ccd
SSDEEP

1536:77fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfwx7OB:Xq6+ouCpk2mpcWJ0r+QNTBfwA

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1884 wrote to memory of 2728	1884	50f4b40691daeb6239551a41cd71cd83.exe	28
PID 1884 wrote to memory of 2728	1884	50f4b40691daeb6239551a41cd71cd83.exe	28
PID 1884 wrote to memory of 2728	1884	50f4b40691daeb6239551a41cd71cd83.exe	28
PID 1884 wrote to memory of 2728	1884	50f4b40691daeb6239551a41cd71cd83.exe	28

C:\Users\Admin\AppData\Local\Temp\50f4b40691daeb6239551a41cd71cd83.exe
"C:\Users\Admin\AppData\Local\Temp\50f4b40691daeb6239551a41cd71cd83.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\1C28.tmp\1C29.tmp\1C2A.bat C:\Users\Admin\AppData\Local\Temp\50f4b40691daeb6239551a41cd71cd83.exe"
  2⤵
  PID:2728

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1C28.tmp\1C29.tmp\1C2A.bat

Filesize
1KB

MD5
5500bd7eac5b2452cb5232f9791c6ea0

SHA1
ecfea54d08a9ac5b7303d0b21912f14917d2393d

SHA256
2bd3ae118c5fb3bdcdadda74a8c56f817ca9c158ea1003e11b56b75c338af289

SHA512
d809e9c28f48a3598a3b373674fbfbb6e8aaf541479006f12ad78d833319fe5fcff78aa9767aa6f441b1a6cb2599e5a58a073442b1f659eef56a1d08ed008ac5

Download Submit