2e828f19339d7caaa33dda6b21e64d95ad5f7ed1b07a95398738d71857389237

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7059a4383c70a316ddd8742c5951ccf.exe
Size

79KB
MD5

b7059a4383c70a316ddd8742c5951ccf
SHA1

71f395bc0c4a96b7a8e70ec406268a8e95207965
SHA256

2e828f19339d7caaa33dda6b21e64d95ad5f7ed1b07a95398738d71857389237
SHA512

14bc6a93401df0366bd598ca6fd4c03651ceb9b1bcff7cb92289f0a5d8e012a5ca7653e5da8fd735d3bed8a41124683b0d357206fab9fd3ccf156459decf00f9
SSDEEP

1536:vmcbpjuT6fcH65rlKy2ZAlziDYVf8KRASnJIXhbh6ALhvbAnl4muPCbjqSy:vt1uVHMpKy2OIDYl86n+XpLLyl4mYSy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2256	b7059a4383c70a316ddd8742c5951ccf.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2256	b7059a4383c70a316ddd8742c5951ccf.exe

C:\Users\Admin\AppData\Local\Temp\b7059a4383c70a316ddd8742c5951ccf.exe
"C:\Users\Admin\AppData\Local\Temp\b7059a4383c70a316ddd8742c5951ccf.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
PID:2256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ci0-temp\uci-left.bmp

Filesize
9KB

MD5
4a63f70471e5d8308a1a315d9d0d8d87

SHA1
a76cea622e213c9a1fa151d0a8b3b57fbbbeffd8

SHA256
ed012ff868c63c18920620839e437143b436655c00695b0088777f129cc53e66

SHA512
2a7ef725226b5983b2f4af6fe7622c57e2ef89fee8dc6c9a4c0a47580f3776423fc7002f975ad4a5c4720139c86155069fa56869b64cdc0e89a461e6b82dda1a

Download Submit
\Users\Admin\AppData\Local\Temp\gert0.dll

Filesize
88KB

MD5
e9bcd9e8749b6a38a5f7cffe08fc10df

SHA1
dc0137c184ae2f297be73b3edae9972ed63223de

SHA256
24c83bdcdf78b95389228b4b5d65287b1ef1a1c30b44bd250e25b8a465e376e8

SHA512
00906dac83d0004e1ce247c21496ea3e9bddef417b6a18029594c66e202dd6873d407d5f829cd40c0e78e3b6ecd7cc574005e4ba2357c3009202b87aa95a30c2

Download Submit