Analysis
- max time kernel: 149s
- max time network: 151s
- platform: windows10-2004_x64
- resource: win10v2004-20231222-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 14-01-2024 00:27
Static task: static1
Behavioral task: behavioral1
  Sample: 59ce339260dc2114375443b5992600f9.exe
  Resource: win7-20231129-en
Behavioral task: behavioral2
  Sample: 59ce339260dc2114375443b5992600f9.exe
  Resource: win10v2004-20231222-en
General
- Target: 59ce339260dc2114375443b5992600f9.exe
- Size: 264KB
- MD5: 59ce339260dc2114375443b5992600f9
- SHA1: 37f064ada5dcacf9b6638bcdd2f858eef3518603
- SHA256: f6a89f1bd3d3d1a061365f2cdc6149b0e25ad998a51ad0d289a299e6c3c91c57
- SHA512: 628e3b4d6db6dc25dd26bac524b2c712adf7cc936ce0a3186dcec8830f7f575b83a3e0dfed77e98c7b8ff5a8c6f54ac6ece4d0ea783fd7bf567126beeefbf65d
- SSDEEP: 6144:nf7lLkTfSUk1hDyhW9+VQ98MZwx3TLbQzc8IDGEDC4uP:nfRWS3jt+rWs3PMzcVDGCmP
Malware Config
Signatures
- Drops autorun.inf file (1 TTPs, 6 IoCs)
  Malware can abuse Windows Autorun to spread further via attached volumes.
  Processes:
    Description                  | IoC            | Process
    File created                 | C:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
    File opened for modification | C:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
    File created                 | D:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
    File opened for modification | D:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
    File created                 | F:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
    File opened for modification | F:\Autorun.inf | 59ce339260dc2114375443b5992600f9.exe
- Suspicious use of SetThreadContext (1 IoCs)
  Processes:
    Description                         | PID  | Process                              | Target process
    PID 4580 set thread context of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
- Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
    Description                      | PID  | Process                              | Target process
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
    PID 4580 wrote to memory of 2396 | 4580 | 59ce339260dc2114375443b5992600f9.exe | 59ce339260dc2114375443b5992600f9.exe
Processes
- Path: C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe"
  - Drops autorun.inf file
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  - Child process:
    Path: C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\59ce339260dc2114375443b5992600f9.exe"
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- memory/2396-2-0x0000000000400000-0x0000000000427000-memory.dmp (Filesize: 156KB)
- memory/2396-13-0x0000000000400000-0x0000000000427000-memory.dmp (Filesize: 156KB)
- memory/2396-14-0x0000000000400000-0x0000000000427000-memory.dmp (Filesize: 156KB)
- memory/2396-12-0x0000000000400000-0x0000000000427000-memory.dmp (Filesize: 156KB)
- memory/4580-0-0x0000000000530000-0x0000000000538000-memory.dmp (Filesize: 32KB)
- memory/4580-1-0x0000000000530000-0x0000000000538000-memory.dmp (Filesize: 32KB)