53015ec4339dca036dcd4be39565c626d49e1ca9fd6242642050afb281f7df45

Analysis

max time kernel
160s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 09:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8eca46b796c3f4b07c5cf4282b1b076a.exe
Size

2.5MB
MD5

8eca46b796c3f4b07c5cf4282b1b076a
SHA1

a64b462bccfb1a726cad6ffd0d7237984d0b6a3f
SHA256

53015ec4339dca036dcd4be39565c626d49e1ca9fd6242642050afb281f7df45
SHA512

6639bddaa382d8e484a12c06e659e0156e3758aca015b265e5372e259cadf80baf6f87f059527ffdc2528e7e3bb5a2561d7dc9b4eb415eb1ccbd41406edf9742
SSDEEP

49152:52YT/j0AG7BmgYBf/ZkYDXAOcL/szp/mPrDpPYQ1qX2w5aV:sgj0JVm/peYDXAOc4duDDpI8

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2044	Stp2E7D_TMP.EXE
4492	Stp2E7D_TMP.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3504 wrote to memory of 2044	3504	8eca46b796c3f4b07c5cf4282b1b076a.exe	84
PID 3504 wrote to memory of 2044	3504	8eca46b796c3f4b07c5cf4282b1b076a.exe	84
PID 3504 wrote to memory of 2044	3504	8eca46b796c3f4b07c5cf4282b1b076a.exe	84
PID 2044 wrote to memory of 4492	2044	Stp2E7D_TMP.EXE	85
PID 2044 wrote to memory of 4492	2044	Stp2E7D_TMP.EXE	85
PID 2044 wrote to memory of 4492	2044	Stp2E7D_TMP.EXE	85

C:\Users\Admin\AppData\Local\Temp\8eca46b796c3f4b07c5cf4282b1b076a.exe
"C:\Users\Admin\AppData\Local\Temp\8eca46b796c3f4b07c5cf4282b1b076a.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3504
- C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE
  "C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2044
- - C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp" /SL5="$A0238,2257206,53248,C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE"
    3⤵
    - Executes dropped EXE
    PID:4492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Stp2E7D_TMP.EXE

Filesize
2.5MB

MD5
3a60668ac7c2bf247a33255bb68050ee

SHA1
9a2bc4a6b3a161500d77e7c259d7c4ee2bb0afa4

SHA256
f65ef96dfe3d263a7bb34fbcd0e2baabe4713347a8a39a6f88f96d1337e5ef8e

SHA512
b4b7edbdd39ead608831a7aa1a552d3d90872be98f90b4b51017cabdf3fd2abdd14e6ceeeb444208da2dc8907098202938adb9cb6a19603bec057a7de634c5ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-R63SM.tmp\Stp2E7D_TMP.tmp

Filesize
669KB

MD5
52950ac9e2b481453082f096120e355a

SHA1
159c09db1abcee9114b4f792ffba255c78a6e6c3

SHA256
25fbc88c7c967266f041ae4d47c2eae0b96086f9e440cca10729103aee7ef6cd

SHA512
5b61c28bbcaedadb3b6cd3bb8a392d18016c354c4c16e01395930666addc95994333dfc45bea1a1844f6f1585e79c729136d3714ac118b5848becde0bdb182ba

Download Submit
memory/2044-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2044-7-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2044-13-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4492-12-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4492-14-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/4492-21-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download
memory/4492-23-0x0000000002100000-0x0000000002101000-memory.dmp

Filesize
4KB

Download
memory/4492-24-0x0000000000400000-0x00000000004B6000-memory.dmp

Filesize
728KB

Download