Analysis
-
max time kernel
146s -
max time network
146s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
01/02/2024, 17:32
General
-
Target
d11a85a30b33b991175358736e3bc932259545e4532c8fb782acb86a2d9c3016.exe
-
Size
196KB
-
MD5
6af1c603445772dc6aaa7558e9635e73
-
SHA1
06eb8231a38621b87aa1936a6295b3d2c3ef35b1
-
SHA256
d11a85a30b33b991175358736e3bc932259545e4532c8fb782acb86a2d9c3016
-
SHA512
a226efc876a2cf2c3266a6359862f7e5db108c3ae6096335fc347da68f69d598236cce78805a92fe64318f1578f70d64d9a89127f3a9b73fe7726540e080bcdc
-
SSDEEP
6144:rBs27MMLyX5HXXXDTXXXOGqIII+pXXX5AYjKXXXDoXXXG6XXXxXXXLIIIEAkOCOG:rK20HXXX/XXXFqIIIcXXX5j2XXXcXXXD
Malware Config
Signatures
-
Deletes itself 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\d11a85a30b33b991175358736e3bc932259545e4532c8fb782acb86a2d9c3016.exe"C:\Users\Admin\AppData\Local\Temp\d11a85a30b33b991175358736e3bc932259545e4532c8fb782acb86a2d9c3016.exe"1⤵
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\D11A85~1.EXE > nul2⤵
- Deletes itself
-
-
C:\Windows\Debug\iuyhost.exeC:\Windows\Debug\iuyhost.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
196KB
MD53abb7428d7f40ee92c9713d882d0cd60
SHA1f37e6454c15635f5bbd96f903de1c00fad6b5925
SHA256f71729ba59a4e872b134fa52e3b3ec6c3cf64f05ba181650e9785611eda9c0b6
SHA512509612232c8a51429f321c3e51d5fca274861a2af375a0f7a502646cc98a2c34f4537280c27311637513f846f33913b7a4489e4d5a634e44eb0e843c13d10aec