53fb5b8b7727fcd5c0f9b9f0b9bd20dc86ed6022f8df192171c9ee66aa76792c

Analysis

max time kernel
155s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 01:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba390ae0b165a6d014befa30da323bb7.exe
Size

1.2MB
MD5

ba390ae0b165a6d014befa30da323bb7
SHA1

8d4dc62b9b9046ed1351dacef7669e490899ce81
SHA256

53fb5b8b7727fcd5c0f9b9f0b9bd20dc86ed6022f8df192171c9ee66aa76792c
SHA512

82787032f63701a6024bf0b33c1b285712b7459ae75f58a7ba860c0e7440f00426a14a237a72aff70c7b9f4559a69e3504bb5096332b4c9d4481f2703d9aeda0
SSDEEP

24576:HHsAArqJ8eeZSMl8hQbo4+osRHK59IYUk5nRIseKtqlo5vU5EeYC:xAREhQbmdlcC0gi5Neh

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3520	is-DMLQL.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 3520	5092	ba390ae0b165a6d014befa30da323bb7.exe	96
PID 5092 wrote to memory of 3520	5092	ba390ae0b165a6d014befa30da323bb7.exe	96
PID 5092 wrote to memory of 3520	5092	ba390ae0b165a6d014befa30da323bb7.exe	96

C:\Users\Admin\AppData\Local\Temp\ba390ae0b165a6d014befa30da323bb7.exe
"C:\Users\Admin\AppData\Local\Temp\ba390ae0b165a6d014befa30da323bb7.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Users\Admin\AppData\Local\Temp\is-LRRCH.tmp\is-DMLQL.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-LRRCH.tmp\is-DMLQL.tmp" /SL4 $801DC C:\Users\Admin\AppData\Local\Temp\ba390ae0b165a6d014befa30da323bb7.exe 998664 50688
  2⤵
  - Executes dropped EXE
  PID:3520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4136 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
1⤵
PID:1496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-LRRCH.tmp\is-DMLQL.tmp

Filesize
592KB

MD5
34eafa22ea917a31d314eff4224097f4

SHA1
005b5f236dcb26d21d7ee96eaf5cd45fac21c5cd

SHA256
b8cca55558a4af82cded8ae413241d82e828bf6402d77278d157424d870a75f8

SHA512
651c6ac7d4b695a91f1ac4a81115dd8a999dfe6ee1165499b59200b3146b19e0642372f8a04f8556900560e4c88b6d7cb962147bcaf2d0068db0abed4db295b3

Download Submit
memory/3520-7-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/3520-12-0x0000000000400000-0x00000000004A3000-memory.dmp

Filesize
652KB

Download
memory/3520-16-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/5092-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/5092-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/5092-11-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download