76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20240319-en
resource tags

arch:x64arch:x86image:win7-20240319-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 19:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe
Size

29KB
MD5

7ca6856e3d8d673a5b8d3a05ae7cbed2
SHA1

7d16e49c93d5bd6c2addffdcc800b08b4801ed58
SHA256

76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7
SHA512

43f4625e8c9f36cb8fb1293f394b80d454e822842502f9275bd99d954c13ee36039286283676215293d06856254e8fff03e2b6f93d47895335e597c027f38c2c
SSDEEP

384:UzITNKpJWmdLd/zNdKNPw5MQfjWpjLS4wVQJb4:UMT+JB4dQStLrV4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1240	kgfdfjdk.exe

Loads dropped DLL 2 IoCs

pid	Process
2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe
2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2496 wrote to memory of 1240	2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe	28
PID 2496 wrote to memory of 1240	2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe	28
PID 2496 wrote to memory of 1240	2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe	28
PID 2496 wrote to memory of 1240	2496	76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe	28

C:\Users\Admin\AppData\Local\Temp\76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe
"C:\Users\Admin\AppData\Local\Temp\76f6276e9511be6d50b66ac5ff952d61d8eb5a8d9ba7cdf1e7f0d0f60cd31bb7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2496
- C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe
  "C:\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe"
  2⤵
  - Executes dropped EXE
  PID:1240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\kgfdfjdk.exe

Filesize
29KB

MD5
56d9fbf5e9bf2bf6ca7915410e1df453

SHA1
234c8f4acc6609a69f4fbd186823e736d6763bd0

SHA256
5e49e5c1ae4f54357b94375ca3e167718ac1c7ac6f65a328b0fb162f1e1419d5

SHA512
d1e912cdb77e3246be4fd7831c5ad3449e8500512e207a3b96f42ea5ccb675729f9f654773c1f5bbcc9eea326fffeed91ec4e26308d29586a76e7a0244f5132e

Download Submit