6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493

Analysis

max time kernel
16s
max time network
16s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
29-03-2024 16:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe
Size

6.2MB
MD5

c1a7c6973853dba46bd321884a9b1180
SHA1

0f2634bb722650750802d21abc6c78f6cd7e0b15
SHA256

6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493
SHA512

e6d7fac3c1482c8420be5befb711d4fa6f5d29401e66c74dd0de46ea0dacb6646254cfe8a0925dc1362805fe20188f8d0dda7d845005b91c9ffae36064a3bfef
SSDEEP

98304:cTrdghMYxXPGdey/9IqOviPqegB9Rw6X7oFkYsbtwElwvhmPh:cndghPBdtqPqL9Rw6X7PYgwT5m

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2656	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2156	6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe
2656	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2656	2156	6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe	28
PID 2156 wrote to memory of 2656	2156	6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe	28
PID 2156 wrote to memory of 2656	2156	6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe	28

C:\Users\Admin\AppData\Local\Temp\6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe
"C:\Users\Admin\AppData\Local\Temp\6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\onefile_2156_133562023473108000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\6a785ff02a98fddc87296c065d23aea2365862a2130ff414b7c4f06726cc4493.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2156_133562023473108000\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2156_133562023473108000\main.exe

Filesize
5.7MB

MD5
c13827a183bda8b6e5c60bd4e911de9c

SHA1
df8276c40e3155cbe015d885303472614787dcac

SHA256
0f7ea3a02abfa05a20a85e45089854b30fee77fff5681fc804bb1be8a5ff0725

SHA512
d96c604df3cc69f47765a62756cbf717c37946b13dfa40cf93788babe3e593bdeaf31d629307bd88f98dec37c928fa060d3846a27fb3a073d0e50a605c1c357d

Download Submit