fd51b287a2d39b2a4c8204181912b1a6c6a2da3279e02607a91924e06e4ade72

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12-03-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c3e4e9a2ecff15bd28f087dbc7d172cb.exe
Size

1.8MB
MD5

c3e4e9a2ecff15bd28f087dbc7d172cb
SHA1

1db41f320cb65d00c44c98aa7fc8e78e09faf774
SHA256

fd51b287a2d39b2a4c8204181912b1a6c6a2da3279e02607a91924e06e4ade72
SHA512

ae559319f1c9b6b582d18abb58c2443f61d8943e8a8efb6eb4d1e75426f1dfc7c2b72ed85affaf5d51d8759e8fdafc8a566983ad9114f5aa55bcb5b633150e11
SSDEEP

49152:nKP7kH9gaZYsSNFMGFGisdTrfJ52M/XMV4raxi:Kj09xYLFMGFLmv32M/XMV1xi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1776	c3e4e9a2ecff15bd28f087dbc7d172cb.tmp

Loads dropped DLL 2 IoCs

pid	Process
1776	c3e4e9a2ecff15bd28f087dbc7d172cb.tmp
1776	c3e4e9a2ecff15bd28f087dbc7d172cb.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 264 wrote to memory of 1776	264	c3e4e9a2ecff15bd28f087dbc7d172cb.exe	89
PID 264 wrote to memory of 1776	264	c3e4e9a2ecff15bd28f087dbc7d172cb.exe	89
PID 264 wrote to memory of 1776	264	c3e4e9a2ecff15bd28f087dbc7d172cb.exe	89

C:\Users\Admin\AppData\Local\Temp\c3e4e9a2ecff15bd28f087dbc7d172cb.exe
"C:\Users\Admin\AppData\Local\Temp\c3e4e9a2ecff15bd28f087dbc7d172cb.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:264
- C:\Users\Admin\AppData\Local\Temp\is-K5T0P.tmp\c3e4e9a2ecff15bd28f087dbc7d172cb.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-K5T0P.tmp\c3e4e9a2ecff15bd28f087dbc7d172cb.tmp" /SL5="$50232,1556339,140800,C:\Users\Admin\AppData\Local\Temp\c3e4e9a2ecff15bd28f087dbc7d172cb.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1776

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-D51I1.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-K5T0P.tmp\c3e4e9a2ecff15bd28f087dbc7d172cb.tmp

Filesize
1.1MB

MD5
a4cb46c715d6e7b72755eab92123a3ea

SHA1
1e769da1816daae7d50c8812c59ee20399431a2d

SHA256
686699d59606cd7d2253dff2c92003380361f00b168305e959e66bab9bc725c0

SHA512
8bdce037441eb0ed6aa5fdf7569580b32dd5294b6b4a36a054552e5b46fcbba328b659f2277d3a75d23d9ead64a28d3db2fe49c0b1c13e6d799490ce6509ab1b

Download Submit
memory/264-0-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/264-17-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1776-6-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download
memory/1776-18-0x0000000000400000-0x0000000000536000-memory.dmp

Filesize
1.2MB

Download
memory/1776-21-0x0000000000710000-0x0000000000711000-memory.dmp

Filesize
4KB

Download