c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24/01/2024, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

774d2de5a283b80065f2907c16a3ec02.exe
Size

604KB
MD5

774d2de5a283b80065f2907c16a3ec02
SHA1

8b65ee77f337f0967774f12729d2630c7031b564
SHA256

c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869
SHA512

d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba
SSDEEP

6144:Q+M2cnUTJ1Zwv80utvvq81vggUNqulq+p/VQUQfuT3QnxzBlw91wZOiRPPN8xrzG:Q+M2cnwZV0utvvqpqulq+TZyzjPVUFKD

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	RT240124.exe

Loads dropped DLL 4 IoCs

pid	Process
2432	774d2de5a283b80065f2907c16a3ec02.exe
2432	774d2de5a283b80065f2907c16a3ec02.exe
2432	774d2de5a283b80065f2907c16a3ec02.exe
2432	774d2de5a283b80065f2907c16a3ec02.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2432	774d2de5a283b80065f2907c16a3ec02.exe
2272	RT240124.exe
2272	RT240124.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2432 wrote to memory of 2272	2432	774d2de5a283b80065f2907c16a3ec02.exe	28
PID 2432 wrote to memory of 2272	2432	774d2de5a283b80065f2907c16a3ec02.exe	28
PID 2432 wrote to memory of 2272	2432	774d2de5a283b80065f2907c16a3ec02.exe	28
PID 2432 wrote to memory of 2272	2432	774d2de5a283b80065f2907c16a3ec02.exe	28

C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe
"C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432
- C:\Users\Admin\AppData\Local\Temp\RT240124.exe
  "C:\Users\Admin\AppData\Local\Temp\RT240124.exe" /Restore "C:\Users\Admin\AppData\Local\Temp\774d2de5a283b80065f2907c16a3ec02"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\RT240124.exe

Filesize
604KB

MD5
774d2de5a283b80065f2907c16a3ec02

SHA1
8b65ee77f337f0967774f12729d2630c7031b564

SHA256
c79a698dbdd0e68ccaf999f3cf8cc3514e05ce5010619722ac6fe12741e8e869

SHA512
d9818e426e455b0150251eadfc97d0fb1a462a6d01c3718616bdab47702e5a347b440c210f0d3d7183abb573a8855354f3893bb9006bcb924ea4392c44d8aaba

Download Submit