Analysis
-
max time kernel
117s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
-
submitted
28-02-2024 14:12
General
-
Target
GOLAYA-RUSSKAYA.exe
-
Size
149KB
-
MD5
5e337da135d63887a756e2cba5fcc0c8
-
SHA1
c367eaa24241c19410bbbe2ff4d2c39d4cdd1990
-
SHA256
d9d056c7d128ec893e43a4c7b315e9437629f851f51aee6d366c1022a48bdff1
-
SHA512
54b3a00c9317c2d5ea338a2450e655dd5c822531c97bb8cd164272a10650421676c1ea9634de1ed2c9454885b04653773235c605f95befb7d848eef6779c0172
-
SSDEEP
3072:lBAp5XhKpN4eOyVTGfhEClj8jTk+0hijeF9RCyllP:AbXE9OiTGfhEClq949vD
Malware Config
Signatures
-
Blocklisted process makes network request 2 IoCs
-
Drops file in Drivers directory 3 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Drops file in Program Files directory 9 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 12 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\GOLAYA-RUSSKAYA.exe"C:\Users\Admin\AppData\Local\Temp\GOLAYA-RUSSKAYA.exe"1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.execmd /c ""C:\Program Files (x86)\Produc\New\nuashks.bat" "2⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Produc\New\nadopilitsa.vbs"3⤵
- Blocklisted process makes network request
-
-
-
C:\Windows\SysWOW64\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Produc\New\samisok.vbs"2⤵
- Drops file in Drivers directory
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
269B
MD5f8e76085c4bab58dcb161028c3aae9c9
SHA1764af0a064b08e40beeab421df76d3c7fb389c75
SHA256e7388abfc5e55e53c9a06f74e6000107b15641c3d99fe89d9f990584049b4ad6
SHA5127c557fdee8163233be08a494955b02af789d37fefc5429b966079c83950f4b79ec50c7f521ba0cc72cb762c300ab96ce72c1bc90a3eca6eeed67e1a2614a8b61
-
Filesize
48B
MD57215ed14e21d41517551593a906dfa9e
SHA1572ec6424f46b19e5b1a0ebcb58df8efadaa37aa
SHA256248f4f03a3bac68d3f2231e72dcdb82d16ba4a49631306e231200c36a4d7d6b6
SHA512c81fcc628b6178017cacdbf7c57b5bd3304ea1e6a43b4c8164082f6d701f7f03c16d3026b011819ee76cb4609ca8c00e70566382cd839fba9fe714e1d0a1f7e5
-
Filesize
3KB
MD5c151e8a63db1332daeaf336c6767f918
SHA13c41d44604d19b3ce2bb9a1971a94ebf2a1f50bd
SHA256c9f0675570ce4487e3b60e2b3e5433ad76c0ec354a41d8135fb0318e40f39e95
SHA512bb483dc05f7eeb6e6a73c76d6bf95e1e322b609d759dee27c5e21b682d8c249b3e60cc25f7f47ee152f0b8eccea90252daed9235153e3258423221c233f80c44
-
Filesize
27B
MD5213c0742081a9007c9093a01760f9f8c
SHA1df53bb518c732df777b5ce19fc7c02dcb2f9d81b
SHA2569681429a2b00c27fe6cb0453f255024813944a7cd460d18797e3c35e81c53d69
SHA51255182c2e353a0027f585535a537b9c309c3bf57f47da54a16e0c415ed6633b725bf40e40a664b1071575feeb7e589d775983516728ec3e51e87a0a29010c4eb9
-
Filesize
740B
MD5152fab0ac0684c4b7383883ecb4c42f7
SHA1dc2487afd2302751686b5f7af5ec65ecd05c75c5
SHA256d28c1370bce14ca6aa38e81d6c6deb3e43b04849bead1795d940c1e59f2cde4d
SHA512da52cafc25583799b8138044cfd25f0cc66c7d01b1cf369b8960c1865d9a6a348be0ee90b417ad72455f3919f7553ef4db971c7ff56855b40bf4d772ba8efee3
-
Filesize
1KB
MD544ccd2e0f82c735fbef30c341d6bfc10
SHA18cc305f7f8fff401380175ae0cc7d0df99b83373
SHA256d29b19381fbf3494195232c63a36e6a9d38de4e2db3e80ae3f007a36e9674db3
SHA5128627b9c13415f5d9c917692281f2a33aa4286f0a50b0d08933ca663cd6cc12fb17256a2270ff283dd497661001b6c06f3d16e889215821659fa24ede367dfe07
-
Filesize
136KB