5dcebb347e8a7b6f1c99a3b9bc1d3315d4b845ef570cb80590a61996908c8fd4

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
19-03-2024 12:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d60f0ce696188646c2debd97cec68458.exe
Size

152KB
MD5

d60f0ce696188646c2debd97cec68458
SHA1

1f54969a59209e757401d2d30dbef3183bf78c55
SHA256

5dcebb347e8a7b6f1c99a3b9bc1d3315d4b845ef570cb80590a61996908c8fd4
SHA512

f1ac8ee6a76aad871db9c3f135ab6b9f5670ffff14236e47ab409f62f6952d3c4f6b2c185b7019a9c83665ad80f60072e4e2c4e030175c4b27ce7597392cec82
SSDEEP

3072:/fEc+Y5PV3Fcg9TEfnOhot9LykQiXJFvdkQaN9f7:/fEtcEgVloRzdGt

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2764	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2952 wrote to memory of 2764	2952	d60f0ce696188646c2debd97cec68458.exe	28
PID 2952 wrote to memory of 2764	2952	d60f0ce696188646c2debd97cec68458.exe	28
PID 2952 wrote to memory of 2764	2952	d60f0ce696188646c2debd97cec68458.exe	28
PID 2952 wrote to memory of 2764	2952	d60f0ce696188646c2debd97cec68458.exe	28

C:\Users\Admin\AppData\Local\Temp\d60f0ce696188646c2debd97cec68458.exe
"C:\Users\Admin\AppData\Local\Temp\d60f0ce696188646c2debd97cec68458.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2952
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\system32\cmd.exe" /q /c "C:\Users\Admin\AppData\Local\Temp\Psv..bat" > nul 2> nul
  2⤵
  - Deletes itself
  PID:2764

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Psv..bat

Filesize
210B

MD5
fec25c2e53c6239e7b517d5beb4b903e

SHA1
121fa2c8533b25b20651d14a97e3e3cbaae22dd0

SHA256
f5802527cb326d86e8e678e793f1588000047c9440800fb227dadcc5ce821526

SHA512
a6a4b14f861b90155e984eabf5e1bd80e39ab6080786bd6ad2a2b2ec96cc2f0edf31f8d7894243992ecb612ffafed6520e218e8ddcf63439134309542162576e

Download Submit
memory/2952-1-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2952-0-0x0000000000330000-0x000000000034B000-memory.dmp

Filesize
108KB

Download
memory/2952-3-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2952-2-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download
memory/2952-5-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download