7bf8b9aa9c63656ddd1dc70a08814ca946d1fc140b2f6a0ba84e2ba9b05ae41e

Analysis

max time kernel
118s
max time network
121s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
18/01/2024, 09:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6504d042f8e452b67da0365221736a0b.exe
Size

244KB
MD5

6504d042f8e452b67da0365221736a0b
SHA1

cd26194dfedb3a3fd77d779d1b0812dd2ba84b79
SHA256

7bf8b9aa9c63656ddd1dc70a08814ca946d1fc140b2f6a0ba84e2ba9b05ae41e
SHA512

bf80d33c1abeaf293bd5358a1cdafecd3f63f4bf185cca5f0facf4ad8274959a03ec3e4b7734e91cf51365f6efa2f78296faa4f087d8b5b674d00463fb2e35b4
SSDEEP

6144:zOUj+bBvkSHQeZdz+654mE/vf9pd7ngyqhY:zOUj+bBDHLZdK6amE/NVcY

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2760	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28
PID 1204 wrote to memory of 2760	1204	6504d042f8e452b67da0365221736a0b.exe	28

C:\Users\Admin\AppData\Local\Temp\6504d042f8e452b67da0365221736a0b.exe
"C:\Users\Admin\AppData\Local\Temp\6504d042f8e452b67da0365221736a0b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Fjz..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2760

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Fjz..bat

Filesize
210B

MD5
9f76a4c00860017647ddf2837c1a9a33

SHA1
5e5ba10b10bd7a44a53738eb2de8c5c7fdb675c7

SHA256
236d98fc44527691ce93ff7a2cdad51cfcba741c7c11c3f42760fd8231f74564

SHA512
48329b420c725e67ca723d6c34058d8da2d73b32b7cd7d05b61bdce6b4459d350afb8febb66a59a7544aea33adf74d71edccd9944a373085732cddcdd2ed63b0

Download Submit
memory/1204-0-0x00000000001D0000-0x00000000001EA000-memory.dmp

Filesize
104KB

Download
memory/1204-1-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download
memory/1204-3-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download