496a82d41ef981aaf95528eba07b68a8bbfafa567f3a1bdb10d600c629442fb5

Analysis

max time kernel
122s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/02/2024, 07:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab519667dcfb48e1effa8a794187ae38.exe
Size

150KB
MD5

ab519667dcfb48e1effa8a794187ae38
SHA1

ae73c96ac65af469bf9d22574a672e61edba11bc
SHA256

496a82d41ef981aaf95528eba07b68a8bbfafa567f3a1bdb10d600c629442fb5
SHA512

4d6b2bf78d29d89e625ee1bbe7789ad5ebc7de5bf373e8530fc7aa9f38f46127871a448a09a004a2ff7d04451122f05fb018906bef6aba67c3ed25a0d5e583d1
SSDEEP

3072:OPLRxVU5Cn0IKbuFEI1ZCM1PqG9pT632FszuZMrBls9jCAypKke3ZuYsERohNSkz:BCn0IMul2N7ZeJuY9hfZC

Score

10^/10

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
smtp.gmail.com
Port:
587
Username:
[email protected]
Password:
keyloggerdeneme

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2716	vpd.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2716	2256	ab519667dcfb48e1effa8a794187ae38.exe	28
PID 2256 wrote to memory of 2716	2256	ab519667dcfb48e1effa8a794187ae38.exe	28
PID 2256 wrote to memory of 2716	2256	ab519667dcfb48e1effa8a794187ae38.exe	28

C:\Users\Admin\AppData\Local\Temp\ab519667dcfb48e1effa8a794187ae38.exe
"C:\Users\Admin\AppData\Local\Temp\ab519667dcfb48e1effa8a794187ae38.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\vpd.com
  "C:\Users\Admin\AppData\Local\Temp\vpd.com"
  2⤵
  - Executes dropped EXE
  PID:2716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\vpd.com

Filesize
21KB

MD5
75e4fc3cfd146d8a84356f739616c856

SHA1
191b0e3c596daef14d0aa5d003f9b6b9eea99f86

SHA256
6c1006d566ff9ca3e3b5035ae8b8274647d613fcfcc9ca42a0b822b4649519c3

SHA512
13990982e58f28facc2f8f8bc43750fc9f553c183af759039b22c3bc3bf7e5b9f62a43392a77541cc264bb98d8dca819904bc6c4b2e06fc841adcb6ae6a5f963

Download Submit
C:\Users\Admin\AppData\Local\Temp\vpd.com

Filesize
74KB

MD5
9080b0dd4f555a49a787c8c92c78ca0f

SHA1
c98cac8da3c198629c86efc9b477170a20062ad9

SHA256
8689190f77397bebda4ccd1d399d34f7b85294192d94761b1f8bbfae98879f85

SHA512
f8ee2ba83a83c3072c76c3f52de6abfb66b23dad1a242af4a9bf340342654813c704be75d4fc6cc82871fd1e450930cc9f41a6655896f07ca86c9380ec9afb82

Download Submit
memory/2256-12-0x000000001B1D0000-0x000000001B1E0000-memory.dmp

Filesize
64KB

Download
memory/2256-0-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2256-2-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2256-1-0x0000000001F80000-0x0000000002000000-memory.dmp

Filesize
512KB

Download
memory/2256-15-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2256-3-0x0000000001F80000-0x0000000002000000-memory.dmp

Filesize
512KB

Download
memory/2716-11-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-13-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-14-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-10-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-16-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-17-0x000007FEF56E0000-0x000007FEF607D000-memory.dmp

Filesize
9.6MB

Download
memory/2716-18-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-19-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-20-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-21-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download
memory/2716-22-0x0000000000A70000-0x0000000000AF0000-memory.dmp

Filesize
512KB

Download