Analysis
- max time kernel: 141s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20231215-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 25-01-2024 06:19
Static task
- static1
Behavioral task
- behavioral1
  Sample: 73f3e81bcd66f7183d55366d2396328b.exe
  Resource: win7-20231129-en
Behavioral task
- behavioral2
  Sample: 73f3e81bcd66f7183d55366d2396328b.exe
  Resource: win10v2004-20231215-en
General
- Target: 73f3e81bcd66f7183d55366d2396328b.exe
- Size: 29.8MB
- MD5: 73f3e81bcd66f7183d55366d2396328b
- SHA1: abe16e6f5471c65e7d099903ad2a895c4461174b
- SHA256: f0258ca7b052d82aab6447d7feb1c640abff936b4c02df3a2e3d93c9c476f5f8
- SHA512: e10f0d10605aae108ad6665c486f03ad84b646eee08651ba87490de04e6d64e464689ede8a61f4ae0ef1d1a901068bb1b62eba20f4520553a1208a70dcddd28c
- SSDEEP: 786432:n5u8ob3fF8LjmdPYYJLhsSSiBgUBk5kb9PegMK2WiFN0JBdUZN:szuP1YJVjBgIkK2h7
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes:
  pid   process
  1416  73f3e81bcd66f7183d55366d2396328b.tmp
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
  description                         pid   process                               target process
  PID 1924 wrote to memory of 1416    1924  73f3e81bcd66f7183d55366d2396328b.exe  73f3e81bcd66f7183d55366d2396328b.tmp
  PID 1924 wrote to memory of 1416    1924  73f3e81bcd66f7183d55366d2396328b.exe  73f3e81bcd66f7183d55366d2396328b.tmp
  PID 1924 wrote to memory of 1416    1924  73f3e81bcd66f7183d55366d2396328b.exe  73f3e81bcd66f7183d55366d2396328b.tmp
Processes
- C:\Users\Admin\AppData\Local\Temp\73f3e81bcd66f7183d55366d2396328b.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\73f3e81bcd66f7183d55366d2396328b.exe"
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\is-AQI4M.tmp\73f3e81bcd66f7183d55366d2396328b.tmp
    Command line: "C:\Users\Admin\AppData\Local\Temp\is-AQI4M.tmp\73f3e81bcd66f7183d55366d2396328b.tmp" /SL5="$F0060,30955975,78848,C:\Users\Admin\AppData\Local\Temp\73f3e81bcd66f7183d55366d2396328b.exe"
    - Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Users\Admin\AppData\Local\Temp\is-AQI4M.tmp\73f3e81bcd66f7183d55366d2396328b.tmp
  Filesize: 694KB
  MD5: 3c847fe463036a9ff1c87fa6d3b3d942
  SHA1: 31e694e7e32a5e984062144a2d3d720e3fe9a8e1
  SHA256: 512dedef0809ef27428506d896a58af5e3a00c5f813f18554bbda2989114bb58
  SHA512: 2bef21e2ffbd68c1169261fc9e317a25a765d614438863391ca94f0728fe79b4a74dc2612a3abb1b1e28d2ea35c4f7c8d9975f7764c6acd1c88ad4fb189c7058
- memory/1416-7-0x0000000000760000-0x0000000000761000-memory.dmp
  Filesize: 4KB
- memory/1416-14-0x0000000000400000-0x00000000004BC000-memory.dmp
  Filesize: 752KB
- memory/1416-17-0x0000000000760000-0x0000000000761000-memory.dmp
  Filesize: 4KB
- memory/1924-0-0x0000000000400000-0x000000000041A000-memory.dmp
  Filesize: 104KB
- memory/1924-2-0x0000000000400000-0x000000000041A000-memory.dmp
  Filesize: 104KB
- memory/1924-13-0x0000000000400000-0x000000000041A000-memory.dmp
  Filesize: 104KB