818480055b46faa0d3a7ee70c6ab845d588f2d7ff09bc7b77be9be71e8bb6271

Analysis

max time kernel
103s
max time network
129s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
10/01/2024, 18:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5141ef76a9f057066905b14b4fac4a06.exe
Size

126KB
MD5

5141ef76a9f057066905b14b4fac4a06
SHA1

340d130c846736efb2f1e7e5704295988deb806e
SHA256

818480055b46faa0d3a7ee70c6ab845d588f2d7ff09bc7b77be9be71e8bb6271
SHA512

db078daf4727479bbdafdbe33de229c699786ea5d16b836f98e064dc1ce6d0971edb040649240d069d1aa5603b325b6822ffc3a4e4648ce10d2359eb028b9956
SSDEEP

3072:TZ4J0UgQK/Rgqq/OByaXoojnXUjm5jRn+k17XMmZSpZ:TbUg1/lkOfjXUjm3n+cX

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
760	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2660 wrote to memory of 760	2660	5141ef76a9f057066905b14b4fac4a06.exe	28
PID 2660 wrote to memory of 760	2660	5141ef76a9f057066905b14b4fac4a06.exe	28
PID 2660 wrote to memory of 760	2660	5141ef76a9f057066905b14b4fac4a06.exe	28
PID 2660 wrote to memory of 760	2660	5141ef76a9f057066905b14b4fac4a06.exe	28

C:\Users\Admin\AppData\Local\Temp\5141ef76a9f057066905b14b4fac4a06.exe
"C:\Users\Admin\AppData\Local\Temp\5141ef76a9f057066905b14b4fac4a06.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2660
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Xxp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Xxp..bat

Filesize
210B

MD5
803b4e525563d393474735d62de598a3

SHA1
db76f475839f1485cbe416104bcd65b74e373e6c

SHA256
2bc50961c91e265c6aa2f92aff35b628afde5781c0cfac165a32882037f5fd54

SHA512
28df56e763eb3973d1888eec925a4da89cb555a39e1bde5b18c527417bb4490c1dcc403a6dad23c69cd9acce79752b85fbdd4aafef79b478d08269b7d7341672

Download Submit
memory/2660-0-0x00000000001B0000-0x00000000001CA000-memory.dmp

Filesize
104KB

Download
memory/2660-1-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2660-3-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2660-4-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2660-6-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2660-7-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download
memory/2660-8-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download