1571c99624f073b653037dbbd7c9b884aa84df0a41c64ba2585a8b4106a0ad2b

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
06/03/2024, 00:59

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

27.6MB
MD5

a52265a0791c2b556568a56788a5ae4d
SHA1

50a773c945462942d127d7d5efea71450bce35d8
SHA256

1571c99624f073b653037dbbd7c9b884aa84df0a41c64ba2585a8b4106a0ad2b
SHA512

f2e7d8434c156051150e094c9a12af8b14bf80c6edcd7f37e1de3e0b7bcdef6c9afac672b7bdb027ccc02145a5a51acbf21940d7829eff739b369c08107e3a5f
SSDEEP

786432:Uq6rr/Bmlf6HXY6GFgzyqXScvkMnns3RycN5WXTkaolNQ:iHBjXY6kxgXje35Vl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2492	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2588	main.exe
2492	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2588 wrote to memory of 2492	2588	main.exe	29
PID 2588 wrote to memory of 2492	2588	main.exe	29
PID 2588 wrote to memory of 2492	2588	main.exe	29

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2588
- C:\Users\Admin\AppData\Local\Temp\onefile_2588_133541604385372000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\main.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2588_133541604385372000\main.exe

Filesize
3.9MB

MD5
df06528f2a25576565b46cc47b2d73cf

SHA1
54e46f0b42c03b63f72e751d7116e690572b7e26

SHA256
04d062fe14c4fc923beb8b1bfd0cf54c6b08eb367910faa18baab7ba6d06ae7a

SHA512
ed6cec44c27524ac63c7f9bfa92bfacc13e69ccd42ea5dca454e8c21e2f710a5aa2d32f83286678ed28e45f04fed5678479849fdfa3ab3b52cbe76e56b41e845

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2588_133541604385372000\python311.dll

Filesize
3.2MB

MD5
e04a29bcfbc5ee4f737f2848474168f4

SHA1
e9ffb9b0cae12af027e7abc07f1738025d5aef33

SHA256
69d19b61f23145a48527fad10f9cfdcdf4db75514a5e338c73974caf275f4c06

SHA512
53c8f2391876848cd36bcc3c7942ba55656fd300bbb77df2dfbe0870dfddd48e92619a11cc58f76ca42b865613f3a1ce8a4a3719dce823d69aebdaeb74c2047f

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2588_133541604385372000\main.exe

Filesize
3.2MB

MD5
0f1a54695560f8b12955e697cb1d3531

SHA1
154d9803d14b47be7c368550f1e086a4e7968be6

SHA256
8a0f9c10519ab4867134508dd965174bd8c78a00020615f82d7695bc9f6baf05

SHA512
714eba7fb8a2d5cd59ffa020f4f986605d51df2437d78bc69c198a8248de01aeb36f786f973f98bce6fb9f850a7c02fe50ca16ae8345f6d6b322dfcfe7b4bdaa

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2588_133541604385372000\python311.dll

Filesize
3.4MB

MD5
4177f6823028a4c894b29bc884236c28

SHA1
e17c5a369c9522b977ee1e15912d1eb986d58cd7

SHA256
75b97fba6e45e357594afb95189a7495a7e7e8bb2f446e3701f3bb67986735ad

SHA512
8f09fe94376f10a46eaaaf78cca366b940ad74bb41a64428e848727fe706689ca1d7a5aab7a54ef16552e991166c1fec5aca7748973c5cdf65adeb5424ca2228

Download Submit
memory/2492-46-0x000000013F710000-0x0000000142A2A000-memory.dmp

Filesize
51.1MB

Download
memory/2588-87-0x000000013F8E0000-0x000000014149E000-memory.dmp

Filesize
27.7MB

Download