35fbada1295957148ab2e1fdb1aa0a85c5384840f3fcaa0ca387dcd73e96e9a9

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 02:54

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d91bdfcf946b22a7d7f1b6571eebdeb2.exe
Size

4.9MB
MD5

d91bdfcf946b22a7d7f1b6571eebdeb2
SHA1

aa1c9a72af9cfd026fb7ccc052473d301fabe378
SHA256

35fbada1295957148ab2e1fdb1aa0a85c5384840f3fcaa0ca387dcd73e96e9a9
SHA512

f837968dfd421a72e551e493e42fcd2aa6ec4014c142b30e244e919a55ca9912559c02e30260547c90b66c104c670e547ef7c4ce22a33e566e7967bdaa0ecfe3
SSDEEP

98304:04T8MCOp4fek/tusNO9owpZdzyQ47tvE/SqF31/77G0kl819DCuf:04T8MJQtuC/wzp4ZqFlgsU

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3000	put_file_on_here.exe

Loads dropped DLL 2 IoCs

pid	Process
1768	d91bdfcf946b22a7d7f1b6571eebdeb2.exe
3000	put_file_on_here.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1768 wrote to memory of 3000	1768	d91bdfcf946b22a7d7f1b6571eebdeb2.exe	29
PID 1768 wrote to memory of 3000	1768	d91bdfcf946b22a7d7f1b6571eebdeb2.exe	29
PID 1768 wrote to memory of 3000	1768	d91bdfcf946b22a7d7f1b6571eebdeb2.exe	29

C:\Users\Admin\AppData\Local\Temp\d91bdfcf946b22a7d7f1b6571eebdeb2.exe
"C:\Users\Admin\AppData\Local\Temp\d91bdfcf946b22a7d7f1b6571eebdeb2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1768
- C:\Users\Admin\AppData\Local\Temp\onefile_1768_133535624632388000\put_file_on_here.exe
  "C:\Users\Admin\AppData\Local\Temp\d91bdfcf946b22a7d7f1b6571eebdeb2.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1768_133535624632388000\put_file_on_here.exe

Filesize
1.2MB

MD5
bc3ab258fd72acc1203cdecf383bdb54

SHA1
4b372ad6760122812d220994c70efcbf728da7b3

SHA256
89db1717d3b4a6e2b13ee3bf111a41101cf6ae78d26acfc7fa10545909be7b3e

SHA512
deb5963a9cf2032b80d949706ef585433522d2db99fed544c62801fa60aebcdcafcdbd389fb3464f15ac6da81c5334ffa7bc57daf3e47db9ce61cf4c67024048

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_1768_133535624632388000\python311.dll

Filesize
465KB

MD5
f8f4e02e0aa0901ceb3ec1f92bd9523f

SHA1
f0e68f79cd0d1e01495a23f30f099a63719afc64

SHA256
474840173b0d74e48d2b65c02064ab3684281e74c11ca2535031c73b14621ae8

SHA512
a3633eec29fa2be86592a5a49e6812a347874deffc3233f5201ba223b3c36c8ea9e0fe7d24a9b050faa2fe2fc2ed11aba7e78ba66c79d1f2937f998e737717d5

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1768_133535624632388000\put_file_on_here.exe

Filesize
1.5MB

MD5
7313a6476a075d79fde4462324eff8da

SHA1
f9831bad8cb3ebdc6ee567825c5a657a20ad4c03

SHA256
a32351cad66b8f9947bfd7e3e0965552520dff13f4f94b54e12e30766b06561d

SHA512
b774fdce94a29f23bc9a31c57de5d1dd5b2fc80b777b2856ec9f42289a9db4ba4ff306dd22379999e69dab357ee66318f41c3a8ad1139cd7afdcd4bb099478e5

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1768_133535624632388000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit