635454dddf996a913567fb13134369eb926969eaa8bbad84530fbdff28f6afeb

Analysis

max time kernel
120s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/02/2024, 12:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8f2a75310286d05ce5aee4f7a3c1b40c.exe
Size

94KB
MD5

8f2a75310286d05ce5aee4f7a3c1b40c
SHA1

2caf5dd981b76badb8f2e98ad37ff6130d1eba10
SHA256

635454dddf996a913567fb13134369eb926969eaa8bbad84530fbdff28f6afeb
SHA512

ea55cc76f86e5a6a777f40b717ac275168920344324bc639a91e1566f5fc2e83301b7e7e0b774f4d5780606dfb30f18f37b59d91f4ee1fdbd86f3ae631b258f0
SSDEEP

1536:ffg+M2Y9oH+cpTKeyaI0Z/od8bDbRvU5yYeVYXrgITAGXBB3exYEjpepikFIy:ffgyY9oH+cTKGI0Z/oooeVYXrgI0GXW4

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2844	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3032 wrote to memory of 2844	3032	8f2a75310286d05ce5aee4f7a3c1b40c.exe	28
PID 3032 wrote to memory of 2844	3032	8f2a75310286d05ce5aee4f7a3c1b40c.exe	28
PID 3032 wrote to memory of 2844	3032	8f2a75310286d05ce5aee4f7a3c1b40c.exe	28
PID 3032 wrote to memory of 2844	3032	8f2a75310286d05ce5aee4f7a3c1b40c.exe	28

C:\Users\Admin\AppData\Local\Temp\8f2a75310286d05ce5aee4f7a3c1b40c.exe
"C:\Users\Admin\AppData\Local\Temp\8f2a75310286d05ce5aee4f7a3c1b40c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3032
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Ecp..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ecp..bat

Filesize
210B

MD5
f9e8a757138e167ae5de853b7e4a19a7

SHA1
b34457a2047755e12f8db9e2bff048b145c260c5

SHA256
29a4f0aa1846939dfc3ccd3704b31fc98d21d664f19a3a4d39cf99d5683bbec2

SHA512
c9622babbf8e62cc0a336af03c3a58fc873688bfdc2b7e9539029c0c8cb1b62890b2f23e3779189a502963a42d0c4dab74c656f7089a78de68c9c91a26b9e85f

Download Submit
memory/3032-1-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/3032-2-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3032-0-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3032-3-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3032-5-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download