Analysis

  • max time kernel
    50s
  • max time network
    80s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    02-03-2024 20:26

General

  • Target

    TrashMalwares-main/NetPakoe3.0.exe

  • Size

    188KB

  • MD5

    912c74cb1e5e132515956f5c8470114a

  • SHA1

    71556617096cdb4b70b220568f1d3697362c14a5

  • SHA256

    6376111c1c39414187abeae4c6a75ae58351b2202802afc9bde2be5ceae0f400

  • SHA512

    c4a0a299d085a33e567ebcc6586c911a130425c805d71175362c09c46eb0739a040c787fa1d3f9e9f06aad14bac686adc10d1bae75602e96f1c7238f3d4e73d6

  • SSDEEP

    3072:YhM2idhON/D8259BH1DzJ5PzVNtGgc+F9TBfV0gwzH:Yh3idhONY259BH1DzJ5PzVNtGgc+F9TA

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\TrashMalwares-main\NetPakoe3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2468
    • C:\Windows\system32\wscript.exe
      "C:\Windows\system32\wscript.exe" C:\Users\Admin\AppData\Local\Temp\1362.tmp\1363.tmp\1364.vbs //Nologo
      2⤵
      • Adds Run key to start application
      PID:2128

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\1362.tmp\1363.tmp\1364.vbs

    Filesize

    11KB

    MD5

    36072dc09cf0a99e3936b50bacd9a3e5

    SHA1

    731ede51ad7869ae0b01248267b0354a5fe52cba

    SHA256

    a8dd0c012506f5ec41f90909e88de316ce3cbdb294db2b925c832af104e8b94f

    SHA512

    c4d9858e67295ef124218e2493e9990427df16bc722df621ffebbcc4229e270f42fbccd9a2376448c19319ab18c1982f6d9a7371a77c148d434a64b8fe0a874d