8ade36ca05b733841f178b46dabeefcd3cadb0d91ce83e0e313b68376c75189c

Analysis

max time kernel
144s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
26-01-2024 13:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7781c1145869cdf87cf61d671247e80e.exe
Size

379KB
MD5

7781c1145869cdf87cf61d671247e80e
SHA1

e2f76f546d3e4ff3e748fb6d4b1b3d2890c3b1da
SHA256

8ade36ca05b733841f178b46dabeefcd3cadb0d91ce83e0e313b68376c75189c
SHA512

6d1767dc3ef0751f7a1d4c4b43d621a48a06124780e57393e5a5a8039d66a90468e8ba09a44210d02e63ab06c0bb367755f43220c9c265f2a3c5bf1ad9cdf776
SSDEEP

6144:Lu2urzh9xu/XkauJza8em0Xs0anV3Ve1h3yU1OIGtNAkoIaNOBG29J8YLj4UdC/P:Lutrzh9xOXkFa8em0X0V3U1hx1OIGtNQ

Score

7^/10

Malware Config

Signatures

Drops startup file 3 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe	7781c1145869cdf87cf61d671247e80e.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe	7781c1145869cdf87cf61d671247e80e.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\__tmp_rar_sfx_access_check_259394796	7781c1145869cdf87cf61d671247e80e.exe

Executes dropped EXE 3 IoCs

pid	Process
3040	taskmgr.exe
3056	taskmgr.exe
2704	taskmgr.exe

Loads dropped DLL 12 IoCs

pid	Process
1044	7781c1145869cdf87cf61d671247e80e.exe
3040	taskmgr.exe
3040	taskmgr.exe
3040	taskmgr.exe
3040	taskmgr.exe
3056	taskmgr.exe
3056	taskmgr.exe
3056	taskmgr.exe
3056	taskmgr.exe
2704	taskmgr.exe
2704	taskmgr.exe
2704	taskmgr.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 3040 set thread context of 3056	3040	taskmgr.exe	29
PID 3056 set thread context of 2704	3056	taskmgr.exe	30

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3040	taskmgr.exe
3040	taskmgr.exe

Suspicious use of WriteProcessMemory 27 IoCs

description	pid	Process	procid_target
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 1044 wrote to memory of 3040	1044	7781c1145869cdf87cf61d671247e80e.exe	28
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3040 wrote to memory of 3056	3040	taskmgr.exe	29
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30
PID 3056 wrote to memory of 2704	3056	taskmgr.exe	30

C:\Users\Admin\AppData\Local\Temp\7781c1145869cdf87cf61d671247e80e.exe
"C:\Users\Admin\AppData\Local\Temp\7781c1145869cdf87cf61d671247e80e.exe"
1⤵
- Drops startup file
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1044
- C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe
  "C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3040
- - C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe
    "C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:3056
  - - C:\Users\Admin\Start Menu\Programs\Startup\taskmgr.exe
      mine.exe -a 59 -o http://hdzx.aquarium-stakany.org:8332/ -u redem_guild -p ludaxxxkxx
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2704

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\taskmgr.exe

Filesize
806KB

MD5
47cfdf331a80b2028a1b8aca61bd191b

SHA1
d10bd40a735c6efbfa4fbfa6c842b4db5dba9445

SHA256
c1a6cb5e7d001839c2ce9d368aacf34767867bce2309f9d28de95c7985a6cd1d

SHA512
9ece7f127ddc29285214e7386951335719242a35001bc54c80aceb07c60f185b1eb6dce74a3b05760aec540888b529e73388f0d8ee26d4a41e3b54588e351a0d

Download Submit
memory/1044-5-0x0000000003600000-0x000000000369B000-memory.dmp

Filesize
620KB

Download
memory/2704-61-0x0000000000270000-0x0000000000271000-memory.dmp

Filesize
4KB

Download
memory/2704-48-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-90-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-88-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-62-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-86-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-84-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-82-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-80-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-31-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-33-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-35-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-38-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-40-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-42-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/2704-41-0x00000000004FD000-0x0000000000537000-memory.dmp

Filesize
232KB

Download
memory/2704-47-0x0000000000230000-0x00000000002CB000-memory.dmp

Filesize
620KB

Download
memory/2704-70-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-46-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-51-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-50-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-49-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-52-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-54-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-64-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-59-0x0000000000330000-0x0000000000335000-memory.dmp

Filesize
20KB

Download
memory/2704-58-0x0000000000340000-0x0000000000342000-memory.dmp

Filesize
8KB

Download
memory/2704-60-0x00000000002A0000-0x00000000002EB000-memory.dmp

Filesize
300KB

Download
memory/2704-78-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-76-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-53-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-74-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-65-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-72-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/2704-67-0x0000000000400000-0x0000000000537000-memory.dmp

Filesize
1.2MB

Download
memory/2704-68-0x0000000000400000-0x00000000005368DA-memory.dmp

Filesize
1.2MB

Download
memory/3040-21-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3040-13-0x0000000000230000-0x00000000002CB000-memory.dmp

Filesize
620KB

Download
memory/3040-8-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3040-17-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/3056-29-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-24-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-75-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-18-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/3056-77-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-73-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-79-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-69-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-81-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-63-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-83-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-15-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-85-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-66-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-87-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-20-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-89-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download
memory/3056-71-0x0000000000400000-0x000000000043B000-memory.dmp

Filesize
236KB

Download