fe476be852c6988fa7cbd9429d77a88d8f249dee9ace90e945209c2e9bc80341

Analysis

max time kernel
17s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
03/02/2024, 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vortex.exe
Size

18.2MB
MD5

4983a480b37f8a1a240d5821bedf54df
SHA1

ca4ad629b6380db1318495acba442bc5ed8297a7
SHA256

587ad39b4cddd4aedb466bfaf132095d6423e8dac53692adee7a2d8cd1de6a80
SHA512

1329dc180919a7d5f2a2c01d9941f847f111804d74b277c60995e82d5ab0fc630a0dd4a28ed6c7df352145ac2ac8db140b3c2aeeb3997056e437400baadc1e3b
SSDEEP

393216:speoEfZvSYIVhEiGAcl/gp2NEGcTjJowlswsV7ETkW9A3NX03sERev5:s7OiVCiGdl4sNEfTV9FvTkjiPC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2664	Vortex.exe

Loads dropped DLL 2 IoCs

pid	Process
2868	Vortex.exe
2664	Vortex.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2868 wrote to memory of 2664	2868	Vortex.exe	29
PID 2868 wrote to memory of 2664	2868	Vortex.exe	29
PID 2868 wrote to memory of 2664	2868	Vortex.exe	29

C:\Users\Admin\AppData\Local\Temp\Vortex.exe
"C:\Users\Admin\AppData\Local\Temp\Vortex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2868
- C:\Users\Admin\AppData\Local\Temp\onefile_2868_133514622474628000\Vortex.exe
  "C:\Users\Admin\AppData\Local\Temp\Vortex.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2868_133514622474628000\Vortex.exe

Filesize
657KB

MD5
0ac19725ec936d658967f268c7cb5a8d

SHA1
24ad44354172387635745aceacf15eb272a57cd7

SHA256
1988dfb781374833921b5e3c2e509c5e0d691899ab5fff2dcea259a82ade4c11

SHA512
e7b611d4724fe79bd533a1d1b410b6d21e362d38e8978f20aba1c5f739e7bee0ce73abb8bd7011abb830e47d4412b302cd1853d7b9d605a5db3720d134291c3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2868_133514622474628000\python310.dll

Filesize
753KB

MD5
69d0781bfd3350b85ba1d67b14e81589

SHA1
d04c1e30c7e913fb47749469001470b223b7f106

SHA256
a5442371c7ba1ea8aba1b22ff227823893923b0d45b31fb0154b39aab49e0f97

SHA512
d2e5239665ae7626d0a8cdefba6c31bf747272284097be81eae4c060b810f27ded58e83c4d06c27e7457f330242ef806b7d2e66cc3e7a6bb2315a2e72c530b0d

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2868_133514622474628000\Vortex.exe

Filesize
958KB

MD5
f490e44316d9746cb61f950dc8c32150

SHA1
4c696d9f35965d64aaeb73a528eeb420e8549589

SHA256
b21ae403d93906f18c03574de1897ef017fbcd2c77f8e9471a28f558d153f473

SHA512
47ed1b2a8110d87e8bbc8c38fa0e3cf91c36bd6aa838b17c5b63c7c3568c8ccc7cf77ed497963bc1d2c9f38e30728098dc45a18f4c38b7c1bc508903334e61a5

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2868_133514622474628000\python310.dll

Filesize
839KB

MD5
307e8bfd4a4dc2f2ba07af124c2fc477

SHA1
4fb9538c166d7cd263f3a4c525ca89963322f313

SHA256
39ecde4f06c73d3807fed03e27091eebf031fe9eca02dd922ec7ffec07c219f1

SHA512
c8eb00a8b8c597827626b950cb37c5ae8ebc2049040604b0597fea4c0f13aafdbd4aad1d7ff38222fd71a9cbdbf3801a238b3c29ecafadb68e54280b01f395ba

Download Submit
memory/2664-36-0x000000013F960000-0x0000000140CDC000-memory.dmp

Filesize
19.5MB

Download
memory/2868-46-0x000000013FC50000-0x0000000140E9D000-memory.dmp

Filesize
18.3MB

Download
memory/2868-68-0x000000013FC50000-0x0000000140E9D000-memory.dmp

Filesize
18.3MB

Download