Resubmissions
19/01/2024, 00:20
240119-am4dwsbce4 8Analysis
-
max time kernel
122s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
-
submitted
19/01/2024, 00:20
General
-
Target
6669e8e8610751be29f77cb5b2785c82.exe
-
Size
16KB
-
MD5
6669e8e8610751be29f77cb5b2785c82
-
SHA1
cf9c879fcc705173cd27c00abc51fe264a5c7368
-
SHA256
9fd102b9dd9b3ff6f64dff8ff6f28a99df4ba883d78110d3e8639abbf644fc8e
-
SHA512
0061a7481e8f958afb54446f8afcb7ed78e172437be45a324331e203cbdd212d743166c85b9795279a53edd25136d5cba5b3dc31a89d2bdfd48bac7c0b00dc60
-
SSDEEP
384:BWv4oppbnaOKlGo+qY2KWUHWtTHshgCAZ+Fv7IklVOKu5u4TKx5u8Q6a:QzbnarlGNuU2tIhgZwa3KXa
Malware Config
Signatures
-
Sets service image path in registry 2 TTPs 1 IoCs
-
Deletes itself 1 IoCs
-
Drops file in System32 directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6669e8e8610751be29f77cb5b2785c82.exe"C:\Users\Admin\AppData\Local\Temp\6669e8e8610751be29f77cb5b2785c82.exe"1⤵
- Sets service image path in registry
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\del.bat2⤵
- Deletes itself
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
211B
MD5c0f39c261aa579ad8699b74a123822e0
SHA1cc34c9b29faf1430e92d40dd634c3c935fcd646b
SHA2569522fd81abeb397953f523995349f5cbcce543d8d3285d4ab180651395fccf74
SHA5121dbcfa7317ef9184c445965ff0d7516e65bc707a8affe5ff3e276305e08c10d7f2c9d7494ed4e9c79e749101a4f4813a7a0e966d268fa841a639146346054afd
-
Filesize
4KB