1c7f259d654755f0871d046349b8a35f0e22c2d695c635cb7081c418ad59ae12

Analysis

max time kernel
145s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 22:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97b687df81504ed4ebb9b81c099652ef.exe
Size

9KB
MD5

97b687df81504ed4ebb9b81c099652ef
SHA1

e585b3f604f499acb70e6554d73154a781d08c7d
SHA256

1c7f259d654755f0871d046349b8a35f0e22c2d695c635cb7081c418ad59ae12
SHA512

69eebc0e71780e677e5b56b0320f1b9d7f3c9af0f54d5c3365cd57abc223d44e8d404f10321b9fd956f9a6115da2e6472a56cb395541c04fd96822462271d9e9
SSDEEP

96:tpYYFudEknTkCEc8n51Mu/74rvzITkjSxLkzBBQCG8aJc7d4MHjxGb5KN:3ahn5G5MPXQCG8aJch4MDob5E

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2644	archive.exe

Loads dropped DLL 2 IoCs

pid	Process
1936	97b687df81504ed4ebb9b81c099652ef.exe
1936	97b687df81504ed4ebb9b81c099652ef.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\Archive = "C:\\Program Files (x86)\\Archive\\archive.exe"	archive.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Archive\archive.exe	97b687df81504ed4ebb9b81c099652ef.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 2644	1936	97b687df81504ed4ebb9b81c099652ef.exe	28
PID 1936 wrote to memory of 2644	1936	97b687df81504ed4ebb9b81c099652ef.exe	28
PID 1936 wrote to memory of 2644	1936	97b687df81504ed4ebb9b81c099652ef.exe	28
PID 1936 wrote to memory of 2644	1936	97b687df81504ed4ebb9b81c099652ef.exe	28

C:\Users\Admin\AppData\Local\Temp\97b687df81504ed4ebb9b81c099652ef.exe
"C:\Users\Admin\AppData\Local\Temp\97b687df81504ed4ebb9b81c099652ef.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1936
- C:\Program Files (x86)\Archive\archive.exe
  "C:\Program Files (x86)\Archive\archive.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Program Files (x86)\Archive\archive.exe

Filesize
9KB

MD5
97b687df81504ed4ebb9b81c099652ef

SHA1
e585b3f604f499acb70e6554d73154a781d08c7d

SHA256
1c7f259d654755f0871d046349b8a35f0e22c2d695c635cb7081c418ad59ae12

SHA512
69eebc0e71780e677e5b56b0320f1b9d7f3c9af0f54d5c3365cd57abc223d44e8d404f10321b9fd956f9a6115da2e6472a56cb395541c04fd96822462271d9e9

Download Submit
memory/1936-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2644-10-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads