34c68cb89e2052b9d6a4b453b61fb1d24a347212d35478a92277317603924d5e

General

Target

7511b6aa64c28678203a59305da554f9.exe
Size

628KB
MD5

7511b6aa64c28678203a59305da554f9
SHA1

75644207828d02689738034e6eb084cf797bdf6f
SHA256

34c68cb89e2052b9d6a4b453b61fb1d24a347212d35478a92277317603924d5e
SHA512

e6bea935bb933f306d7a6bb76c2748f0586c33c54ad74ed0bc480f468610d98176ebc120af8ecedd8702d11e1eece4e9c75991e56a7ea8a6b4b9726c55b127d9
SSDEEP

12288:pUaHSIUvBl7H6xDYY7WZrpiB1+F3Z4mxx64IxSo62jDrkAwha:6aHSIGB96xsY78pif+QmXqsohkDM

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

7511b6aa64c28678203a59305da554f9.exe

description	ioc	process
File opened (read-only)	\??\O:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\S:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\X:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\Z:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\W:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\B:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\L:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\M:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\Q:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\V:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\P:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\R:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\T:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\A:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\E:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\H:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\I:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\N:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\U:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\G:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\J:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\K:	7511b6aa64c28678203a59305da554f9.exe
File opened (read-only)	\??\Y:	7511b6aa64c28678203a59305da554f9.exe

Drops autorun.inf file 1 TTPs 2 IoCs

Malware can abuse Windows Autorun to spread further via attached volumes.

Replication Through Removable Media

T1091

Processes:

7511b6aa64c28678203a59305da554f9.exe

description	ioc	process
File opened for modification	F:\AutoRun.inf	7511b6aa64c28678203a59305da554f9.exe
File opened for modification	C:\AutoRun.inf	7511b6aa64c28678203a59305da554f9.exe

Drops file in Program Files directory 1 IoCs

Processes:

7511b6aa64c28678203a59305da554f9.exe

description ioc process

File created C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt 7511b6aa64c28678203a59305da554f9.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

2720 2220 WerFault.exe 7511b6aa64c28678203a59305da554f9.exe

description	ioc	process
File created	C:\Program Files\Common Files\Microsoft Shared\MSINFO\paramstr.txt	7511b6aa64c28678203a59305da554f9.exe

pid	pid_target	process	target process
2720	2220	WerFault.exe	7511b6aa64c28678203a59305da554f9.exe

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

7511b6aa64c28678203a59305da554f9.exe

description	pid	process	target process
PID 2220 wrote to memory of 2800	2220	7511b6aa64c28678203a59305da554f9.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2800	2220	7511b6aa64c28678203a59305da554f9.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2800	2220	7511b6aa64c28678203a59305da554f9.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2800	2220	7511b6aa64c28678203a59305da554f9.exe	IEXPLORE.EXE
PID 2220 wrote to memory of 2720	2220	7511b6aa64c28678203a59305da554f9.exe	WerFault.exe
PID 2220 wrote to memory of 2720	2220	7511b6aa64c28678203a59305da554f9.exe	WerFault.exe
PID 2220 wrote to memory of 2720	2220	7511b6aa64c28678203a59305da554f9.exe	WerFault.exe
PID 2220 wrote to memory of 2720	2220	7511b6aa64c28678203a59305da554f9.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\7511b6aa64c28678203a59305da554f9.exe
"C:\Users\Admin\AppData\Local\Temp\7511b6aa64c28678203a59305da554f9.exe"
1⤵
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 316
2⤵
- Program crash
PID:2720

C:\program files\internet explorer\IEXPLORE.EXE
"C:\program files\internet explorer\IEXPLORE.EXE"
2⤵
PID:2800

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Replication Through Removable Media

1

T1091

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

Lateral Movement

Replication Through Removable Media

1

T1091

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\AutoRun.inf
Filesize
157B

MD5
d27451cf32abe7a48f20a44c1d240777

SHA1
ebe8640298f71d3d7191ea7e7dbf618c4f620d08

SHA256
e62b737c2867f81414ff038e3d1ca72a14d77fba22b8f0cb0575e50262eb5568

SHA512
1df9eb1cf7d91e2ffc7826af910b26e710d510bc0dbeee85832a43ea3b9da034c905aa24d70fb7311fdee44a9e5b4ff97000ca708de89c9f5354dbf137d73101

Download Submit
memory/2220-0-0x0000000000400000-0x0000000000515000-memory.dmp

Filesize
1.1MB

Download
memory/2220-2-0x00000000020C0000-0x00000000020C1000-memory.dmp

Filesize
4KB

Download
memory/2220-9-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/2220-20-0x00000000033B0000-0x00000000033B1000-memory.dmp

Filesize
4KB

Download
memory/2220-46-0x0000000003410000-0x0000000003411000-memory.dmp

Filesize
4KB

Download
memory/2220-57-0x00000000035D0000-0x00000000035D1000-memory.dmp

Filesize
4KB

Download
memory/2220-56-0x00000000035A0000-0x00000000035A1000-memory.dmp

Filesize
4KB

Download
memory/2220-55-0x00000000035B0000-0x00000000035B1000-memory.dmp

Filesize
4KB

Download
memory/2220-64-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/2220-82-0x0000000004240000-0x0000000004241000-memory.dmp

Filesize
4KB

Download
memory/2220-81-0x00000000040F0000-0x00000000040F1000-memory.dmp

Filesize
4KB

Download
memory/2220-80-0x0000000004100000-0x0000000004101000-memory.dmp

Filesize
4KB

Download
memory/2220-79-0x00000000040D0000-0x00000000040D1000-memory.dmp

Filesize
4KB

Download
memory/2220-78-0x00000000040B0000-0x00000000040B1000-memory.dmp

Filesize
4KB

Download
memory/2220-77-0x00000000040C0000-0x00000000040C1000-memory.dmp

Filesize
4KB

Download
memory/2220-76-0x0000000004090000-0x0000000004091000-memory.dmp

Filesize
4KB

Download
memory/2220-75-0x00000000040A0000-0x00000000040A1000-memory.dmp

Filesize
4KB

Download
memory/2220-74-0x0000000004070000-0x0000000004071000-memory.dmp

Filesize
4KB

Download
memory/2220-73-0x0000000004050000-0x0000000004051000-memory.dmp

Filesize
4KB

Download
memory/2220-72-0x0000000004060000-0x0000000004061000-memory.dmp

Filesize
4KB

Download
memory/2220-71-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2220-70-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/2220-69-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/2220-68-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/2220-67-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/2220-66-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/2220-65-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/2220-63-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/2220-62-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/2220-61-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2220-60-0x00000000035E0000-0x00000000035E1000-memory.dmp

Filesize
4KB

Download
memory/2220-59-0x00000000035F0000-0x00000000035F1000-memory.dmp

Filesize
4KB

Download
memory/2220-58-0x00000000035C0000-0x00000000035C1000-memory.dmp

Filesize
4KB

Download
memory/2220-54-0x0000000003580000-0x0000000003581000-memory.dmp

Filesize
4KB

Download
memory/2220-53-0x0000000003590000-0x0000000003591000-memory.dmp

Filesize
4KB

Download
memory/2220-52-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2220-51-0x0000000003440000-0x0000000003441000-memory.dmp

Filesize
4KB

Download
memory/2220-50-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/2220-49-0x0000000003420000-0x0000000003421000-memory.dmp

Filesize
4KB

Download
memory/2220-48-0x0000000003430000-0x0000000003431000-memory.dmp

Filesize
4KB

Download
memory/2220-47-0x0000000003400000-0x0000000003401000-memory.dmp

Filesize
4KB

Download
memory/2220-45-0x00000000033E0000-0x00000000033E1000-memory.dmp

Filesize
4KB

Download
memory/2220-44-0x00000000033F0000-0x00000000033F1000-memory.dmp

Filesize
4KB

Download
memory/2220-43-0x00000000033C0000-0x00000000033C1000-memory.dmp

Filesize
4KB

Download
memory/2220-42-0x00000000033D0000-0x00000000033D1000-memory.dmp

Filesize
4KB

Download
memory/2220-41-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/2220-40-0x00000000024D0000-0x00000000024D1000-memory.dmp

Filesize
4KB

Download
memory/2220-39-0x0000000002580000-0x0000000002581000-memory.dmp

Filesize
4KB

Download
memory/2220-38-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2220-36-0x00000000002B0000-0x00000000002B1000-memory.dmp

Filesize
4KB

Download
memory/2220-35-0x00000000002A0000-0x00000000002A1000-memory.dmp

Filesize
4KB

Download
memory/2220-34-0x0000000002110000-0x0000000002111000-memory.dmp

Filesize
4KB

Download
memory/2220-33-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2220-13-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2220-12-0x0000000003360000-0x0000000003363000-memory.dmp

Filesize
12KB

Download
memory/2220-11-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2220-10-0x0000000000690000-0x0000000000691000-memory.dmp

Filesize
4KB

Download
memory/2220-8-0x00000000020D0000-0x00000000020D1000-memory.dmp

Filesize
4KB

Download
memory/2220-7-0x00000000020E0000-0x00000000020E1000-memory.dmp

Filesize
4KB

Download
memory/2220-6-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2220-5-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2220-4-0x00000000020F0000-0x00000000020F1000-memory.dmp

Filesize
4KB

Download
memory/2220-3-0x00000000020A0000-0x00000000020A1000-memory.dmp

Filesize
4KB

Download
memory/2220-1-0x0000000000620000-0x0000000000674000-memory.dmp

Filesize
336KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads