9ae9638cd582a6420d415080927022c9f9cb7f43f264dfc0d06e9f272ed474d6

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 00:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7badb8b93b46f317ab321390cab39b8a.exe
Size

28KB
MD5

7badb8b93b46f317ab321390cab39b8a
SHA1

a63cd2a2e6b0649657c3aa0a291eca25ac582485
SHA256

9ae9638cd582a6420d415080927022c9f9cb7f43f264dfc0d06e9f272ed474d6
SHA512

859272a9216ef094b9ae531f67494b2f51a376953a7333e07130c7d6af803a9a67e1301d4de3c4ee3aa10aabb638fe03a8b8db3501cdbccb15590daccc1742b7
SSDEEP

768:1r58wMSlVUqjHZDL0uH95wXL9yRTH7sQUiqASuUrCZkuID:1r5BMSnUqd9IcJUiauU2Zkua

Score

7^/10

upx

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
852	cmd.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2184-0-0x0000000000400000-0x0000000000413000-memory.dmp	upx
behavioral1/memory/2184-2-0x0000000000400000-0x0000000000413000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 852	2184	7badb8b93b46f317ab321390cab39b8a.exe	28
PID 2184 wrote to memory of 852	2184	7badb8b93b46f317ab321390cab39b8a.exe	28
PID 2184 wrote to memory of 852	2184	7badb8b93b46f317ab321390cab39b8a.exe	28
PID 2184 wrote to memory of 852	2184	7badb8b93b46f317ab321390cab39b8a.exe	28

C:\Users\Admin\AppData\Local\Temp\7badb8b93b46f317ab321390cab39b8a.exe
"C:\Users\Admin\AppData\Local\Temp\7badb8b93b46f317ab321390cab39b8a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2184
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\a..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:852

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a..bat

Filesize
210B

MD5
b2c4b3c4d6c09d24e8065633b12407bb

SHA1
dd19701df3ee77bbc8eec6ff740c6c94181d5c0c

SHA256
05af6741bdb49df5de17f04bea4df736cf730877b5c32c85ab8f026d9a68d311

SHA512
e088c9869fbae13c42228ed00b5706ef532f92e4908d138e6fa497217a62f5b921a0655200d7603c2ef42bb0cde616c347c26b71c5d7911e52982ac890e7b396

Download Submit
memory/2184-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2184-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download