692266354e686cf064efedb1a2fb80c23324097b5592377714e811312c64d6d6

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 07:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

670f0a36b5ffe74b8b619a5eb734681d.exe
Size

93KB
MD5

670f0a36b5ffe74b8b619a5eb734681d
SHA1

5bdef2776d0fd5a6fd7afa4568c8a063fee5ca6c
SHA256

692266354e686cf064efedb1a2fb80c23324097b5592377714e811312c64d6d6
SHA512

78d8cfc32e166686883e732bf6865d28a3d666f318cf34d5e2e844a042d1ddf640ae89b68240e4c7ca63fafdc05ae5fe018398e497d79a986fb56794a6013c88
SSDEEP

1536:mGyQT05QG70AQz6CwvonnZfr0od8yQoAX2D357dGweFrBNo8DirUrlFIy:mWZD0o3A2lZirztrlFIy

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2964	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2880 wrote to memory of 2964	2880	670f0a36b5ffe74b8b619a5eb734681d.exe	28
PID 2880 wrote to memory of 2964	2880	670f0a36b5ffe74b8b619a5eb734681d.exe	28
PID 2880 wrote to memory of 2964	2880	670f0a36b5ffe74b8b619a5eb734681d.exe	28
PID 2880 wrote to memory of 2964	2880	670f0a36b5ffe74b8b619a5eb734681d.exe	28

C:\Users\Admin\AppData\Local\Temp\670f0a36b5ffe74b8b619a5eb734681d.exe
"C:\Users\Admin\AppData\Local\Temp\670f0a36b5ffe74b8b619a5eb734681d.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2880
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Jzv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Jzv..bat

Filesize
210B

MD5
3b4645896cf8d7f7eafdfa366fc4b556

SHA1
1e70b362862d6a5fff3bcf47a5723ff90b13abfd

SHA256
948b460c0cca830e1397395a28b6a72f3eea67d7ebdcd250dda1bc2004757805

SHA512
d96bf15fdca9beda711de86810bb449660f666145bb10fc5ebe681ba26aa19152b91e071d54cf6bff9640575ce5fb76a62d924c2df7dd160e5e449c597268556

Download Submit
memory/2880-1-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2880-0-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-2-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-3-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2880-5-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download