Overview

overview

7

Static

static

3

59ce339260...f9.exe

windows7-x64

7

59ce339260...f9.exe

windows10-2004-x64

5

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-01-2024 00:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    59ce339260dc2114375443b5992600f9.exe

  • Size

    264KB

  • MD5

    59ce339260dc2114375443b5992600f9

  • SHA1

    37f064ada5dcacf9b6638bcdd2f858eef3518603

  • SHA256

    f6a89f1bd3d3d1a061365f2cdc6149b0e25ad998a51ad0d289a299e6c3c91c57

  • SHA512

    628e3b4d6db6dc25dd26bac524b2c712adf7cc936ce0a3186dcec8830f7f575b83a3e0dfed77e98c7b8ff5a8c6f54ac6ece4d0ea783fd7bf567126beeefbf65d

  • SSDEEP

    6144:nf7lLkTfSUk1hDyhW9+VQ98MZwx3TLbQzc8IDGEDC4uP:nfRWS3jt+rWs3PMzcVDGCmP

Score
5/10

Malware Config

Signatures

  • Drops autorun.inf file 1 TTPs 6 IoCs

    Malware can abuse Windows Autorun to spread further via attached volumes.

  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe
    "C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe"
    1⤵
    • Drops autorun.inf file
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe
      "C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe"
      2⤵
        PID:2396

    Network

    MITRE ATT&CK Matrix ATT&CK v13

    Initial Access

    Replication Through Removable Media

    1
    T1091

    Execution

    Persistence

    Privilege Escalation

    Defense Evasion

    Credential Access

    Discovery

    Lateral Movement

    Replication Through Removable Media

    1
    T1091

    Collection

    Exfiltration

    Command and Control

    Impact

    Resource Development

    Reconnaissance

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2396-2-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download
    • memory/2396-13-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download
    • memory/2396-14-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download
    • memory/2396-12-0x0000000000400000-0x0000000000427000-memory.dmp
      Filesize

      156KB

      Download
    • memory/4580-0-0x0000000000530000-0x0000000000538000-memory.dmp
      Filesize

      32KB

      Download
    • memory/4580-1-0x0000000000530000-0x0000000000538000-memory.dmp
      Filesize

      32KB

      Download