17bcbc74ec8166ff11ef983aece5446115a54eddb47138cd6ff7e5a509634962

Resubmissions

20/05/2024, 14:16

240520-rlahvsdd52 10

24/03/2024, 22:26

240324-2cg7fscc9t 7

Analysis

max time kernel
117s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/03/2024, 22:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2cfcbae378ab69f0a78671a560571700.exe
Size

2.6MB
MD5

2cfcbae378ab69f0a78671a560571700
SHA1

97a6e23d367fb58e5076780b9d6358bd7d0ee592
SHA256

17bcbc74ec8166ff11ef983aece5446115a54eddb47138cd6ff7e5a509634962
SHA512

803bef8de5d4693d08611afc9bcc1ec61a159b71bc86cac02ba853c5c335110e161f58c759521eb9c2d7e86d376754d87a2789d91094289e67daf2b4c961c67a
SSDEEP

24576:ke3veFbXAD9zWi4MxO6m6b/fYLGACf9Dtc2PyX8+:ke/etqzXOu1Ff9DtTyf

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2520	2cfcbae378ab69f0a78671a560571700.exe

Loads dropped DLL 1 IoCs

pid	Process
2484	2cfcbae378ab69f0a78671a560571700.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2484 wrote to memory of 2520	2484	2cfcbae378ab69f0a78671a560571700.exe	30
PID 2484 wrote to memory of 2520	2484	2cfcbae378ab69f0a78671a560571700.exe	30
PID 2484 wrote to memory of 2520	2484	2cfcbae378ab69f0a78671a560571700.exe	30

C:\Users\Admin\AppData\Local\Temp\2cfcbae378ab69f0a78671a560571700.exe
"C:\Users\Admin\AppData\Local\Temp\2cfcbae378ab69f0a78671a560571700.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2484
- C:\Users\Admin\AppData\Local\2cfcbae378ab69f0a78671a560571700.exe
  "C:\Users\Admin\AppData\Local\2cfcbae378ab69f0a78671a560571700.exe"
  2⤵
  - Executes dropped EXE
  PID:2520

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\2cfcbae378ab69f0a78671a560571700.exe

Filesize
633KB

MD5
3b52a6b848734a9457d96c2f91224e0f

SHA1
9473a7e75896a61dbd821b1a48c7799e51670ddb

SHA256
fb6efbfe392b87a8e56b28a3e379225b8c9285c15965e4f72c1c98efe9d21d69

SHA512
9dc9270a717ef5feec18f06b2c8c4434128139ed798007d7a7f0e45bab7df6a3ae5a2be2acca3822bee99c11b7bd3ac3888975719a8aa050f6995d9b2b544a44

Download Submit
C:\Users\Admin\AppData\Local\2cfcbae378ab69f0a78671a560571700.exe

Filesize
565KB

MD5
f50461abdae44cc21d0f519dc2c60817

SHA1
6dee9eb1d07cc62e3034bfb2991dfb934cb5d0e3

SHA256
ff0fade3700bc43c4df07e6194ce0c4a56fad8f858ab1a979e67931b5ace18a7

SHA512
280b72fe450938c3f6237cc10fdf5e13f516b2285d71c658aff4ba1bdebc70a5b41346a8e23af0becbd301e2330227d1c074f2c5e6b6f7ad77506caf462fbe43

Download Submit
\Users\Admin\AppData\Local\2cfcbae378ab69f0a78671a560571700.exe

Filesize
1.3MB

MD5
449ca4435eae6f11c99323078aa061ff

SHA1
0c735897bf3db97943a7bfb909f201786be12451

SHA256
e7ab1e23605a799c283da5bfd1c49edf029731ec1e382852fdfa7c6ffc2a3281

SHA512
58ac38d5da82dab03c9d40f80d5e2fa279552021e609cfd2fe7fcb3ff6ce19074473f4202bfb63ccf24e491a277d785e612e96616b0ad2145ef975c5f7675f61

Download Submit
memory/2484-0-0x000000013F1E0000-0x000000013F472000-memory.dmp

Filesize
2.6MB

Download
memory/2484-1-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2484-2-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2484-11-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2520-9-0x000000013F7E0000-0x000000013FA72000-memory.dmp

Filesize
2.6MB

Download
memory/2520-10-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2520-12-0x000007FEF5D30000-0x000007FEF671C000-memory.dmp

Filesize
9.9MB

Download
memory/2520-13-0x0000000077A00000-0x0000000077BA9000-memory.dmp

Filesize
1.7MB

Download