Analysis

  • max time kernel
    122s
  • max time network
    125s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    02-03-2024 20:29

General

  • Target

    TheMalwaredev-s-garbage-main/Install Windows20.exe

  • Size

    24.4MB

  • MD5

    8c7065d7b4ce7f50e145bd6082204b00

  • SHA1

    40e4bea57fc03d3bed8b4614ec790242cc0650f5

  • SHA256

    9b66b0914cad75dd3072726f0a7b3d21db55bd205f409a6ca46472cfe2a78eec

  • SHA512

    560a438e307e217875a8a9227187e22027dc48c58b9fe1041361d6d8a5cb917728ae22655af084f9b38e45928a7ba1b15eab6e7c2d4d6862391e82eba00583f6

  • SSDEEP

    786432:KJ4Hil5v88iWkupGx7xvkCBiWP9BKBB5zw8:K2CfiWRMaCBiW1+59

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory (6 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20.exe
    "C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20.exe"
    • Drops file in Windows directory
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Windows\SysWOW64\cmd.exe (child of PID 2208)
      cmd /c ""C:\Windows\SystemUpdateInstalled\doom.bat" "
      PID:1144
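    The process tree above shows the classic drop-then-execute pattern: the submitted executable (PID 2208) writes a batch file into a non-standard directory under C:\Windows (SystemUpdateInstalled is not a stock Windows folder; the name mimics legitimate update components) and then spawns cmd.exe (PID 1144) to run it. The 32-bit cmd.exe from SysWOW64 also tells you the dropper is a 32-bit process on the x64 image. The following Python is an added detection example, not part of the sandbox report: it correlates Sysmon-style FileCreate (event 11) and ProcessCreate (event 1) records and raises an alert when a script written under C:\Windows by a non-system process is later handed to cmd.exe. The event records are constructed here from the PIDs and paths in this report plus two benign decoys; the field names, the trusted-writer prefixes and the script extension list are assumptions for the example.

```python
import re
from typing import Dict, List

# Constructed Sysmon-like events built from this report's process tree (PIDs 2208
# and 1144, doom.bat) plus two benign decoys. Field names are an assumption.
EVENTS: List[Dict] = [
    {"id": 11, "pid": 2208,
     "image": r"C:\Users\Admin\AppData\Local\Temp\TheMalwaredev-s-garbage-main\Install Windows20.exe",
     "target": r"C:\Windows\SystemUpdateInstalled\doom.bat"},
    {"id": 1, "pid": 1144, "ppid": 2208, "image": r"C:\Windows\SysWOW64\cmd.exe",
     "cmdline": r'cmd /c ""C:\Windows\SystemUpdateInstalled\doom.bat" "'},
    # Benign decoy: a system process writing a non-script file under C:\Windows.
    {"id": 11, "pid": 900, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\Temp\update.log"},
    # Benign decoy: cmd running a batch file from the user profile, not C:\Windows.
    {"id": 1, "pid": 3000, "ppid": 2900, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": r'cmd /c "C:\Users\Admin\build.bat"'},
]

WINDOWS_DIR = "c:\\windows\\"
SCRIPT_EXT = (".bat", ".cmd", ".ps1", ".vbs", ".js")        # assumed watch list
TRUSTED_WRITERS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")  # assumption

# Pulls drive-letter paths ending in a watched script extension out of a command line.
# Handles the doubled quotes seen in the report ("" ... " ") because it ignores quotes
# entirely and anchors on the drive letter and the extension.
_SCRIPT_RE = re.compile(r'([A-Za-z]:\\[^"]+?\.(?:bat|cmd|ps1|vbs|js))\b', re.IGNORECASE)


def is_script_in_windows_dir(path: str) -> bool:
    """True if the path is a watched script type located anywhere under C:\\Windows."""
    p = path.lower()
    return p.startswith(WINDOWS_DIR) and p.endswith(SCRIPT_EXT)


def scripts_in_cmdline(cmdline: str) -> List[str]:
    """Return every script path referenced in a command line."""
    return _SCRIPT_RE.findall(cmdline)


def detect(events: List[Dict]) -> List[Dict]:
    """Correlate script drops under C:\\Windows with later cmd.exe executions of that script.

    A drop is only remembered when the writer is not a trusted system binary; an alert
    fires when cmd.exe later receives a remembered path on its command line. The
    parent_is_dropper flag is set when the cmd.exe parent PID is the dropping process,
    which is the exact shape seen in this report.
    """
    dropped: Dict[str, Dict] = {}
    alerts: List[Dict] = []
    for ev in events:
        if ev["id"] == 11:
            target = ev["target"]
            writer = ev["image"].lower()
            if is_script_in_windows_dir(target) and not writer.startswith(TRUSTED_WRITERS):
                dropped[target.lower()] = ev
        elif ev["id"] == 1 and ev["image"].lower().endswith("\\cmd.exe"):
            for path in scripts_in_cmdline(ev.get("cmdline", "")):
                drop = dropped.get(path.lower())
                if drop is None:
                    continue
                alerts.append({
                    "rule": "script dropped under C:\\Windows then run via cmd.exe",
                    "script": path,
                    "dropper_pid": drop["pid"],
                    "dropper_image": drop["image"],
                    "cmd_pid": ev["pid"],
                    "parent_is_dropper": drop["pid"] == ev.get("ppid"),
                })
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

    Run against the constructed events, only the doom.bat chain alerts; the svchost.exe log write and the user-profile batch file do not. In a real deployment the dropped-path table needs an expiry and should be keyed per host, and the trusted-writer list should be tightened to signed images rather than path prefixes, since a dropper can also write from a renamed copy inside System32 if it has the rights.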

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Windows\SystemUpdateInstalled\doom.bat

      Filesize

      824B

      MD5

      87ff7a4be8ba06c3d469b27fc8d665bc

      SHA1

      2ddb2e14bb115a85b13cfbe6204a45360c78de04

      SHA256

      c5e12fc8cceb6155d5176025c3aeff5e3d8aef8e54e6eabf5af43f19329a634b

      SHA512

      38a8d7ccc7f447b9e7b61d7f876a4f6de9782b09d1491e93bd0fcd3e15b6552cd6cfe015b020686eecea14a0951ed392abae55490b55af9c393eb02530632c35