8fca152597cdd333b6daefbeea2347a361132c6a5241265060e6ab19ecf74b57

Analysis

max time kernel
154s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
20-03-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d781522ccc8dc4ccb493c67e999ced58.exe
Size

3.4MB
MD5

d781522ccc8dc4ccb493c67e999ced58
SHA1

3853ccc4cbe08ddf224f7a0c6f172e2a0b1a5ebb
SHA256

8fca152597cdd333b6daefbeea2347a361132c6a5241265060e6ab19ecf74b57
SHA512

496550be2cb17814113a4d05a924f21e9c9bec99b4a0205a3f332f067cf47fd5d68b9216f24c6d901aaa5267346adf8f4bcfebd2f62f9f5a272434571850773c
SSDEEP

98304:yOORySTaFaAIB24Q0tmJTSAEtBrpWpCDn2zI19v:ylRaFcB24PmJTSAEJW+Tv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1760	is-JSGQB.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 1760	4464	d781522ccc8dc4ccb493c67e999ced58.exe	99
PID 4464 wrote to memory of 1760	4464	d781522ccc8dc4ccb493c67e999ced58.exe	99
PID 4464 wrote to memory of 1760	4464	d781522ccc8dc4ccb493c67e999ced58.exe	99

C:\Users\Admin\AppData\Local\Temp\d781522ccc8dc4ccb493c67e999ced58.exe
"C:\Users\Admin\AppData\Local\Temp\d781522ccc8dc4ccb493c67e999ced58.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Users\Admin\AppData\Local\Temp\is-OEIM4.tmp\is-JSGQB.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-OEIM4.tmp\is-JSGQB.tmp" /SL4 $90118 C:\Users\Admin\AppData\Local\Temp\d781522ccc8dc4ccb493c67e999ced58.exe 3365385 50688
  2⤵
  - Executes dropped EXE
  PID:1760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4116 --field-trial-handle=2292,i,2103142837140538807,15881446839139365070,262144 --variations-seed-version /prefetch:8
1⤵
PID:1956

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-OEIM4.tmp\is-JSGQB.tmp

Filesize
572KB

MD5
0d0622f7d2fd629455a028d7e1cb1c07

SHA1
82bdfc15f188241c535d7a42f0f95c99d0913bf4

SHA256
ab0982c120a65adc3aa898af09ad923c9b896edfc52f7d206798c5fdf59d8f5a

SHA512
eb5a930c1ba85b9cdb60a65fcead39592f7a1b87985d927580bbdb9f8682087291a4eac9f5b2f7c8d4aa7abff78ce8c53dd7285bd7be8572cb65ade906e8807a

Download Submit
memory/1760-9-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/1760-13-0x0000000000400000-0x000000000049D000-memory.dmp

Filesize
628KB

Download
memory/1760-16-0x0000000000780000-0x0000000000781000-memory.dmp

Filesize
4KB

Download
memory/4464-0-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4464-2-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/4464-7-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download