1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25-03-2024 04:50

Target

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
Size

9.2MB
MD5

6ff07f91eec875d0a044c73d4ad89b66
SHA1

7a9fe53800e419a027e899e84da5037f80bcb942
SHA256

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4
SHA512

8f249f8362aa93696a8c75e46c4ace222198cd52cfec1abe5b5d19e1257e610228d15ff36628cd9ab0a9202b27c6380de48e6aa09605d795b4bdcee42e5c0953
SSDEEP

196608:O+yBLycnfg7zk5nOz9UToMWnYuz1gZgc1nyDWeyHy:ug7zk5n4MWnYuR6gcMDWPS

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

noicon.exe

pid process

2624 noicon.exe
Loads dropped DLL 2 IoCs

Processes:

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exenoicon.exe

pid process

2352 1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
2624 noicon.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2624	noicon.exe

pid	process
2352	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
2624	noicon.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe

description	pid	process	target process
PID 2352 wrote to memory of 2624	2352	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	noicon.exe
PID 2352 wrote to memory of 2624	2352	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	noicon.exe
PID 2352 wrote to memory of 2624	2352	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	noicon.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\onefile_2352_133558158161884000\noicon.exe

Filesize
1.8MB

MD5
c17a48676cd699a61f9650c89154203f

SHA1
1f53768aaeef3637363c43b72d67d0a4c062db01

SHA256
249e6a23ca5763af015f9c9c78d6e787ae1252ee8fb340f431859cb0b28bc128

SHA512
eb88e849deccc515495501eaa56f732a344ec334efbb2fcc24e95f9b8610656761992f2f2a3a314b1b37f58436c2745e26fa8fd64925370706ccb2943ff7cab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2352_133558158161884000\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2352_133558158161884000\noicon.exe

Filesize
9.6MB

MD5
e7e6b39702664b6577f0b36c092352c2

SHA1
5c10dd3ec19392d971873bd03a9795fa4aee9caf

SHA256
b2dea160bb2f4a1607620fd847ceb61296c0e974799532ed86293575b6de1d10

SHA512
3bdac4e148029ba062d955d5d768b8e3ae615c7f1e0201430e28f1154685f170367c2d684ae3e863edfbf6363600b68a38c9c12cda9df3991ca039574381ed59

Download Submit