054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042

Analysis

max time kernel
140s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
10/03/2024, 18:57

Target

054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe
Size

600KB
MD5

2db85821081b92e1cf8db113280243b7
SHA1

156d603850f3607513df0ef9d69ad49b95031205
SHA256

054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042
SHA512

510c561159eedf0763f5b8d555810d44650906e1dc0e29515b31f1c096838ae93a5b76e0c71ad304b77da29326e7d26f4e3f2eea58c7bf2d47d1dd97b46cd3e1
SSDEEP

12288:6la5EeW2av9D58lqIHcCCGnOAG1GaVQQEZa+rUlynwMEcYBKCTt0n6Wl:6laqec9DGlqFCzOt1GaVQOUCTc6s

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2600	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	28
PID 2268 wrote to memory of 2600	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	28
PID 2268 wrote to memory of 2600	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	28
PID 2268 wrote to memory of 2600	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	28
PID 2600 wrote to memory of 2624	2600	net.exe	31
PID 2600 wrote to memory of 2624	2600	net.exe	31
PID 2600 wrote to memory of 2624	2600	net.exe	31
PID 2600 wrote to memory of 2624	2600	net.exe	31
PID 2268 wrote to memory of 2736	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	32
PID 2268 wrote to memory of 2736	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	32
PID 2268 wrote to memory of 2736	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	32
PID 2268 wrote to memory of 2736	2268	054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe	32
PID 2736 wrote to memory of 2644	2736	net.exe	34
PID 2736 wrote to memory of 2644	2736	net.exe	34
PID 2736 wrote to memory of 2644	2736	net.exe	34
PID 2736 wrote to memory of 2644	2736	net.exe	34

C:\Users\Admin\AppData\Local\Temp\054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe
"C:\Users\Admin\AppData\Local\Temp\054e428d83ac49fdf20af52a333c185bc63696573589abca00b7ae98aebce042.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" stop sharedaccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 stop sharedaccess
    3⤵
    PID:2624
- C:\Windows\SysWOW64\net.exe
  "C:\Windows\System32\net.exe" start sharedaccess
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\SysWOW64\net1.exe
    C:\Windows\system32\net1 start sharedaccess
    3⤵
    PID:2644

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2268-0-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/2268-1-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download
memory/2268-4-0x0000000000400000-0x000000000049C000-memory.dmp

Filesize
624KB

Download