82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
19-03-2024 18:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe
Size

16.8MB
MD5

ab4adc1957f2c5764e6dcf117c558341
SHA1

6232bfe39d653c91ecab229bbb660863ead5fc08
SHA256

82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783
SHA512

abf912c690b96dea4a1a949ef7f146e8ab8c2be5d8d27880f797415620d43e4fb2bda8158341508b0fac9e226aa0392c2d491bfa2a3f92693a2b033755be499c
SSDEEP

393216:Vzwuxq5con7nIWhjXdLbqTNoNhNme9ydizhDdXSE6ispS3dp0X9RidmF:OrIWhu0hJo6tSE6iDAJF

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4900	is-E0UKM.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 4900	4824	82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe	91
PID 4824 wrote to memory of 4900	4824	82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe	91
PID 4824 wrote to memory of 4900	4824	82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe	91

C:\Users\Admin\AppData\Local\Temp\82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe
"C:\Users\Admin\AppData\Local\Temp\82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Users\Admin\AppData\Local\Temp\is-Q102A.tmp\is-E0UKM.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-Q102A.tmp\is-E0UKM.tmp" /SL4 $50206 "C:\Users\Admin\AppData\Local\Temp\82002f2385e7bbb38ba88a6479937566d1471e48dd4fa4cc63d9d954c6c64783.exe" 17330181 52224
  2⤵
  - Executes dropped EXE
  PID:4900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-Q102A.tmp\is-E0UKM.tmp

Filesize
652KB

MD5
581bb44526a65c02b388e1b8a83fe86c

SHA1
dc387f115977b5fb94d9c9084f33a1c231b50acb

SHA256
385a9bb48f5180984867f3bff1d327250d22ab4399137b343be291c370ee3699

SHA512
aab4cb6dd5ad4ebfded18748c5cd1a4361c154459f36a4cb49e32855b6866f92d3f065cd9cafa16e621a4216bb176f1554a8bbea7fd458b317eb1ff4c3c2bea1

Download Submit
memory/4824-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4824-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4824-13-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4900-10-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download
memory/4900-14-0x0000000000400000-0x00000000004B2000-memory.dmp

Filesize
712KB

Download
memory/4900-17-0x0000000002230000-0x0000000002231000-memory.dmp

Filesize
4KB

Download