Analysis
-
max time kernel
117s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231215-en -
resource tags
arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system -
submitted
24-01-2024 05:01
Static task
static1
Behavioral task
behavioral1
Sample
7183776a810611794e61ad49486c4e65.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
7183776a810611794e61ad49486c4e65.exe
Resource
win10v2004-20231222-en
General
-
Target
7183776a810611794e61ad49486c4e65.exe
-
Size
249KB
-
MD5
7183776a810611794e61ad49486c4e65
-
SHA1
10714b56cf2147051add341a4ea140200bc44227
-
SHA256
71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba
-
SHA512
7e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32
-
SSDEEP
3072:n2TcFR/7qAN5vXgteGrwv8MT724/ORPuXAozjYA2kmiI:2I9qUkeGsbkA2NiI
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 2200 killa.exe -
Executes dropped EXE 1 IoCs
pid Process 2200 killa.exe -
Drops file in Windows directory 2 IoCs
description ioc Process File opened for modification C:\Windows\killa.exe 7183776a810611794e61ad49486c4e65.exe File created C:\Windows\killa.exe 7183776a810611794e61ad49486c4e65.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description pid Process procid_target PID 1200 wrote to memory of 2200 1200 7183776a810611794e61ad49486c4e65.exe 28 PID 1200 wrote to memory of 2200 1200 7183776a810611794e61ad49486c4e65.exe 28 PID 1200 wrote to memory of 2200 1200 7183776a810611794e61ad49486c4e65.exe 28 PID 1200 wrote to memory of 2200 1200 7183776a810611794e61ad49486c4e65.exe 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe"C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1200 -
C:\Windows\killa.exe"C:\Windows\killa.exe" 2C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe2⤵
- Deletes itself
- Executes dropped EXE
PID:2200
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
249KB
MD57183776a810611794e61ad49486c4e65
SHA110714b56cf2147051add341a4ea140200bc44227
SHA25671fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba
SHA5127e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32