Analysis

  • max time kernel
    117s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-01-2024 05:01

General

  • Target

    7183776a810611794e61ad49486c4e65.exe

  • Size

    249KB

  • MD5

    7183776a810611794e61ad49486c4e65

  • SHA1

    10714b56cf2147051add341a4ea140200bc44227

  • SHA256

    71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba

  • SHA512

    7e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32

  • SSDEEP

    3072:n2TcFR/7qAN5vXgteGrwv8MT724/ORPuXAozjYA2kmiI:2I9qUkeGsbkA2NiI

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe
    "C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe"
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:1200
    • C:\Windows\killa.exe
      "C:\Windows\killa.exe" 2C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe
      • Deletes itself
      • Executes dropped EXE
      PID:2200

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\killa.exe

    Filesize

    249KB

    MD5

    7183776a810611794e61ad49486c4e65

    SHA1

    10714b56cf2147051add341a4ea140200bc44227

    SHA256

    71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba

    SHA512

    7e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32