e2e3600cd8161ce00ed17478629b27bdc920621da523cf281af883b8298e1b3e

Analysis

max time kernel
118s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
13/01/2024, 11:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58dc8f671c03b8bc3219073a215aca20.exe
Size

1004KB
MD5

58dc8f671c03b8bc3219073a215aca20
SHA1

6fe689d1401f90bf09ad956fa49f69f6751e8b5c
SHA256

e2e3600cd8161ce00ed17478629b27bdc920621da523cf281af883b8298e1b3e
SHA512

48ba697f5381b889c1c8a6168e9d2711decb9d0d14002a986fb271aeeebebe4c732335d126122cbb2913c6f6ef997bfdb5a99fa485cd649bb009fa67cedd05cb
SSDEEP

24576:MIO7aIRXji8pExZalFBelNA51oMDN2vW2PMOtjaKqt/tFUCXFp:ToRXji8pExZalm/H0NEt25tFUob

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2724	pointblank.exe

Loads dropped DLL 1 IoCs

pid	Process
2860	58dc8f671c03b8bc3219073a215aca20.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 2724	2860	58dc8f671c03b8bc3219073a215aca20.exe	27
PID 2860 wrote to memory of 2724	2860	58dc8f671c03b8bc3219073a215aca20.exe	27
PID 2860 wrote to memory of 2724	2860	58dc8f671c03b8bc3219073a215aca20.exe	27
PID 2860 wrote to memory of 2724	2860	58dc8f671c03b8bc3219073a215aca20.exe	27

C:\Users\Admin\AppData\Local\Temp\58dc8f671c03b8bc3219073a215aca20.exe
"C:\Users\Admin\AppData\Local\Temp\58dc8f671c03b8bc3219073a215aca20.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Users\Admin\AppData\Local\Temp\pointblank.exe
  "C:\Users\Admin\AppData\Local\Temp\pointblank.exe"
  2⤵
  - Executes dropped EXE
  PID:2724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\pointblank.exe

Filesize
406KB

MD5
02a86b30879740f3889a73bb11576d5f

SHA1
f36b9570dcb0623c9f87133a288692d7b10a59e3

SHA256
98392dcaccaa6a4a6672235e1d3b75a83e9d8785f2c36ab0027eaddf26c93bd7

SHA512
60de3f0578ee6c2862f2fe7b42380382ec6f3fa1daf9960cf3c32171e32d2219d6e394c41c2ef884149c338c232ba52251166b0c6edcd7727516952c36a74f14

Download Submit
\Users\Admin\AppData\Local\Temp\pointblank.exe

Filesize
393KB

MD5
eeabd549d9b459c9b6048fc773369227

SHA1
c83e6d5377d3fc5f916090531a6d962acde01cc8

SHA256
9dd5f6ae7e0c3ef389600c0a677dcf3bd66990c2effa39f4b02d8b1cf7ce286a

SHA512
51d7b9224e7dfa4f780f34268d6f621904b566e32a51519fa288c2baaf4537aa513b22ca6a6badd9a20d7700814a5d4d2f2372c95cb25205690240d67fcea5b3

Download Submit
memory/2860-0-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download
memory/2860-7-0x0000000000400000-0x00000000005B6000-memory.dmp

Filesize
1.7MB

Download