fd0af456f169a261cf2caa06bef5b9e92e49fb7d5230c7591459ee4a68419e42

Resubmissions

06-02-2024 15:48

240206-s8rakaccbp 7

21-12-2023 17:24

231221-vy135abcek 10

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
06-02-2024 15:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
Size

11.8MB
MD5

d7fd6731e4db6fdac15d7ce4844254f0
SHA1

32286ffae51a5bc0f14bcf6f7cc10d5040abd8c4
SHA256

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f
SHA512

5bb7f1731c892300d67aec81eaa48788690b6abcd9fca5f81dd8830d481d9e6aaf1fa766153b94ad450b6a346b1f48fe8ce4b449062ac476b5ac2cc244315d73
SSDEEP

196608:I1rT3Lk6XhNQSKwAk2V80t5AtgNtKpXeBHsepB7/nqlKBlIgj:irbLPXhN1Kpk6t5AtutKpOBppRln

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

WW13_64.exe

pid process

2816 WW13_64.exe
Loads dropped DLL 2 IoCs

Processes:

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exeWW13_64.exe

pid process

2384 0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
2816 WW13_64.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2816	WW13_64.exe

pid	process
2384	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
2816	WW13_64.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe

description	pid	process	target process
PID 2384 wrote to memory of 2816	2384	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe
PID 2384 wrote to memory of 2816	2384	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe
PID 2384 wrote to memory of 2816	2384	0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe	WW13_64.exe

C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe
"C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2384
- C:\Users\Admin\AppData\Local\Temp\onefile_2384_133517083997780000\WW13_64.exe
  "C:\Users\Admin\AppData\Local\Temp\0829cd6ebf13b1aa2b01403d19b392ce396d4405e9386fe208ea9b542a625c1f.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2384_133517083997780000\WW13_64.exe

Filesize
300KB

MD5
14746bca1ef5d5c4bbedee799736ae9f

SHA1
2ba7cd5f4cdda33145455b6c70354de6c2b8cdb5

SHA256
a2b2768ca9f28c758c4b9680885b4bb148d3d5d9378b807933001c5efa1f3966

SHA512
5233a47dcf2412947c87fd029ed7b0a0eb8b7cce70dc17bfeab851bb41c60bc46263a6a69bd8ef274b6256cb68ebb39805b2a4b5125a8fdfca22d7fd59159225

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2384_133517083997780000\python311.dll

Filesize
256KB

MD5
716ab8f93a25fd4d2678b77205d56c79

SHA1
230c34477874685990355414f3d78efd262c9078

SHA256
52cf581f1c2be563652771613431998ee7cfa06aac69ca8268481002a307b45c

SHA512
69b4b142db3f5db2ccce76abdcd79b8d3029c90bdfbf35bf75226ad2ad8b6afd3c8c62eafe24ead2251eb233d10d58758421a1d03d42f9afe10d4affd16d3854

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2384_133517083997780000\WW13_64.exe

Filesize
320KB

MD5
be5d476906d14284325cb0064694259b

SHA1
0b5675e2f4847811fb2cf4a437fc4961c5c1e2ce

SHA256
800e1894ec3dcb5c6056b321400be06734826bfea760e4af8eeb656134cd997b

SHA512
8ce77cb5c1ff84d1342f1609e47f6d9a8e687f1f3fb62a104eb12112dd41916e1831aecc96f6b15a5bf45bd46aee05e791dc5a3b6396ec20d0299f9780a74f31

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2384_133517083997780000\python311.dll

Filesize
136KB

MD5
6223ddfaeaa15fa6e38ae932d73e11a0

SHA1
34fcb9316fa3f03dc34924e88ee0c7eb19bb9b4b

SHA256
8ea7e6186c33b831aede333a828ccb869ac00dcd252a49951f89259f673a79cc

SHA512
ee0fc0bae29a9b36d7f47bf22c994a6ca6749c0a8c2c4de5d7dd5a3a423001d5f4a66b684b1d40e95d86270a4618c2f50482a68fb19c0a0166feb8fe0ab88ba5

Download Submit
memory/2384-0-0x000000013FDD0000-0x000000014151D000-memory.dmp

Filesize
23.3MB

Download