73dec0decb09b1fe7a7d8e8687a0cde3d26d80d3939c2a64ae75625153b1379a

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
11-03-2024 04:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bfe4a2f0ccb35ce3411e3692f3073c2c.exe
Size

144KB
MD5

bfe4a2f0ccb35ce3411e3692f3073c2c
SHA1

7e30da6d333cb0a05e07c9e54dc27387fc7b1189
SHA256

73dec0decb09b1fe7a7d8e8687a0cde3d26d80d3939c2a64ae75625153b1379a
SHA512

c79f91a976e9b842ac568e40be06570b607e4cd90173d946f85395a8b477f19924848bdc1fc3faf272bcdf3bd4dcd2e8e6f69ef0b2c062caa3ed6935f1909cd4
SSDEEP

3072:V7GeKlHZSvQ0tRpSFsOTHHrdT+cT3B0DBpq7qZ2o2LlmSbReH:VvsZ6HMZHkDBZZ2bLlm

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2376	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 2376	2744	bfe4a2f0ccb35ce3411e3692f3073c2c.exe	28
PID 2744 wrote to memory of 2376	2744	bfe4a2f0ccb35ce3411e3692f3073c2c.exe	28
PID 2744 wrote to memory of 2376	2744	bfe4a2f0ccb35ce3411e3692f3073c2c.exe	28
PID 2744 wrote to memory of 2376	2744	bfe4a2f0ccb35ce3411e3692f3073c2c.exe	28

C:\Users\Admin\AppData\Local\Temp\bfe4a2f0ccb35ce3411e3692f3073c2c.exe
"C:\Users\Admin\AppData\Local\Temp\bfe4a2f0ccb35ce3411e3692f3073c2c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2744
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Nhv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2376

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Nhv..bat

Filesize
210B

MD5
2a8a8261927ad3e2c449bdad5b35f188

SHA1
7601644d6942a529aeb3ed016429992dc3e79381

SHA256
67599cc90694e1eaf75ee931d94940b961191092d2ef94a0e22a82deecec6c5d

SHA512
70f9af60a539ca2292bb34ed9d4d6083c146a3d2b4e04599f6fa364c02cd2b30fa2138174e4a1c1c5dca647dad7e35340058491d65da5f84d82f01bfb9f3479e

Download Submit
memory/2744-0-0x00000000002E0000-0x000000000030F000-memory.dmp

Filesize
188KB

Download
memory/2744-1-0x00000000002E0000-0x000000000030F000-memory.dmp

Filesize
188KB

Download
memory/2744-2-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2744-4-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download