48880c052aed0c6a6d8561257c8e8b5d1cde90090c02835982337e2b74b45ccd

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
26-03-2024 02:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4e8ab40793a3438ae0d9e4b904ac3973.exe
Size

221KB
MD5

4e8ab40793a3438ae0d9e4b904ac3973
SHA1

10345f47a06c75b2599f4a08aadfebf47a0679d2
SHA256

48880c052aed0c6a6d8561257c8e8b5d1cde90090c02835982337e2b74b45ccd
SHA512

65a4d81dc6ab74d2fac8e4e8559f3380388b31eaab53882f92d08d9044db0e4dce98f2d38dfcb0f647115617aac4db749f89c37bcbbb0b190b7cadb206e8053f
SSDEEP

3072:cP95fwVjSH3MZ0YQRYrgWbNPpEe3f1C/q/CM4BoQF9nBYvQd2a:cP95Eq3MqYQugIf1CCwnua

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 4768	3528	4e8ab40793a3438ae0d9e4b904ac3973.exe	88
PID 3528 wrote to memory of 4768	3528	4e8ab40793a3438ae0d9e4b904ac3973.exe	88
PID 3528 wrote to memory of 4768	3528	4e8ab40793a3438ae0d9e4b904ac3973.exe	88

C:\Users\Admin\AppData\Local\Temp\4e8ab40793a3438ae0d9e4b904ac3973.exe
"C:\Users\Admin\AppData\Local\Temp\4e8ab40793a3438ae0d9e4b904ac3973.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\yyyy.bat
  2⤵
  PID:4768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\yyyy

Filesize
221KB

MD5
9ccb01c5c0ea8ae4043f505360c77ef3

SHA1
6f903c0ca624957d12c1b9af4f7b50729f7122d2

SHA256
60d4fa344bdbc3752ff50d48e6d57f5d666dc07aec118f3899e2e67a29d252ce

SHA512
130b1b1db2df72e98936b9ffe61e3f5e1b292f6261edaacd51f94be097d6fde16483f172052e4b358805f58552274569cea3a4d7802e25de4ef0ba96dc17ccc3

Download Submit
C:\Users\Admin\AppData\Local\Temp\yyyy.bat

Filesize
337B

MD5
e51d24f6b001e6342cc30e3980e385a0

SHA1
605509279afb143d6745ca22644d37957398a201

SHA256
2351618ea524a9e8ae0c1a4dd39c792ba2c8a4ecb1b3af988b3d574ed63bd610

SHA512
b0715a54d1fbe8279c75f677c26992295beba8a62f231ee3e907faddb3c551af7703879a4f14d366313bd662290abc7f147cdfbe9c739234b8961aa9a2af1131

Download Submit
memory/3528-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/3528-6-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download