1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4

Analysis

max time kernel
118s
max time network
127s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/03/2024, 22:22

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
Size

9.2MB
MD5

6ff07f91eec875d0a044c73d4ad89b66
SHA1

7a9fe53800e419a027e899e84da5037f80bcb942
SHA256

1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4
SHA512

8f249f8362aa93696a8c75e46c4ace222198cd52cfec1abe5b5d19e1257e610228d15ff36628cd9ab0a9202b27c6380de48e6aa09605d795b4bdcee42e5c0953
SSDEEP

196608:O+yBLycnfg7zk5nOz9UToMWnYuz1gZgc1nyDWeyHy:ug7zk5n4MWnYuR6gcMDWPS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2632	noicon.exe

Loads dropped DLL 2 IoCs

pid	Process
2216	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
2632	noicon.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2216 wrote to memory of 2632	2216	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	29
PID 2216 wrote to memory of 2632	2216	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	29
PID 2216 wrote to memory of 2632	2216	1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe	29

C:\Users\Admin\AppData\Local\Temp\1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe
"C:\Users\Admin\AppData\Local\Temp\1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2216
- C:\Users\Admin\AppData\Local\Temp\onefile_2216_133561381405168000\noicon.exe
  "C:\Users\Admin\AppData\Local\Temp\1f8867ada4ccbaf5d2d673607a54d043af5702083884050d58bc4349ca6bf9d4.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2216_133561381405168000\noicon.exe

Filesize
14.1MB

MD5
00bd33442d6ccc67e94abc241fe7a1d2

SHA1
1cb098f8229be062287c5cddb146890ec63f8590

SHA256
4a435aa1e6bec542579f9ca629c5b7c1fdeee542733679b4c27c9ba0e1398280

SHA512
7a65d862b07f3f4078a0ad6004555395bf3bf622a91842bf19e5689c858be3ed544fc35b11d30028352a87d7947c90d3432f1f4f470b59fd068c4e624cd34e8a

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2216_133561381405168000\python311.dll

Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit