3e40f1603c0b6ad476aa9e4bf8518dbc1d1b8a7a6ae4885703d4d932fc97e607

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 22:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

49d89026e7915d12c673a72fb106bb91.exe
Size

448KB
MD5

49d89026e7915d12c673a72fb106bb91
SHA1

de87ac594f4f9e47674f87b24e9470dcd03baf1c
SHA256

3e40f1603c0b6ad476aa9e4bf8518dbc1d1b8a7a6ae4885703d4d932fc97e607
SHA512

fb340b2773b868bf04ab6c40202906e6d06ec18fd36194248120acc4aa6fcf1ad2cf489c4f76adba512a6c6c889b5467f1c2bb27dec11f8b2ed00451ef78b2f6
SSDEEP

6144:tck18MipfIUaQYu8tbS6JBEYFW8jb/HVbdsifRe9+HH:tX8Djadu8Jtxr1bBGoH

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 2872	1040	49d89026e7915d12c673a72fb106bb91.exe	28
PID 1040 wrote to memory of 2872	1040	49d89026e7915d12c673a72fb106bb91.exe	28
PID 1040 wrote to memory of 2872	1040	49d89026e7915d12c673a72fb106bb91.exe	28
PID 1040 wrote to memory of 2872	1040	49d89026e7915d12c673a72fb106bb91.exe	28

C:\Users\Admin\AppData\Local\Temp\49d89026e7915d12c673a72fb106bb91.exe
"C:\Users\Admin\AppData\Local\Temp\49d89026e7915d12c673a72fb106bb91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\mah1591.tmp.bat" "C:\Users\Admin\AppData\Local\Temp\49d89026e7915d12c673a72fb106bb91.exe""
  2⤵
  PID:2872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\mah1591.tmp.bat

Filesize
35B

MD5
41e04af6c7f35e15ac889e5e2381d8f1

SHA1
13b65d3ba03679965ac39956ac239835184bf926

SHA256
5de34e7d2d1c6509fd2fe8fcbe77e02dabfdba3f51c792b9824141cd5f8f94af

SHA512
6df65788c5b79d161ff9cbbe07c6ccc5b31b56afcd5f31b86a8c52855edf1e9e86b1fc450616eba7e870ac241a4f6d1e41c9037dd8861bf78a1546d345e42b43

Download Submit
memory/1040-0-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1040-1-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/1040-5-0x0000000000020000-0x0000000000021000-memory.dmp

Filesize
4KB

Download
memory/1040-4-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download