71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba

Analysis

max time kernel
117s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-01-2024 05:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7183776a810611794e61ad49486c4e65.exe
Size

249KB
MD5

7183776a810611794e61ad49486c4e65
SHA1

10714b56cf2147051add341a4ea140200bc44227
SHA256

71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba
SHA512

7e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32
SSDEEP

3072:n2TcFR/7qAN5vXgteGrwv8MT724/ORPuXAozjYA2kmiI:2I9qUkeGsbkA2NiI

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2200	killa.exe

Executes dropped EXE 1 IoCs

pid	Process
2200	killa.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\killa.exe	7183776a810611794e61ad49486c4e65.exe
File created	C:\Windows\killa.exe	7183776a810611794e61ad49486c4e65.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2200	1200	7183776a810611794e61ad49486c4e65.exe	28
PID 1200 wrote to memory of 2200	1200	7183776a810611794e61ad49486c4e65.exe	28
PID 1200 wrote to memory of 2200	1200	7183776a810611794e61ad49486c4e65.exe	28
PID 1200 wrote to memory of 2200	1200	7183776a810611794e61ad49486c4e65.exe	28

C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe
"C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Windows\killa.exe
  "C:\Windows\killa.exe" 2C:\Users\Admin\AppData\Local\Temp\7183776a810611794e61ad49486c4e65.exe
  2⤵
  - Deletes itself
  - Executes dropped EXE
  PID:2200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\killa.exe

Filesize
249KB

MD5
7183776a810611794e61ad49486c4e65

SHA1
10714b56cf2147051add341a4ea140200bc44227

SHA256
71fe86e2bf0dd7688d0acf29f51b1d21db528969092d6f189a1975c080e6d2ba

SHA512
7e6a0498a0c3af4ce7584a361642c9ca25be209ed0fc726a43c41644c80a8012acd5f6f2cd29b0ad353babd201cb5c6521f8a47518ec6f2a8f0e896da82cbd32

Download Submit