0776c9cd6364f2cd70d0ec1f99306ba7a5713e0f15c8f36424d9bcacfe9928d9

Analysis

max time kernel
165s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 22:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5773a121b4d5d51d104c2b7fd821dca4.exe
Size

28KB
MD5

5773a121b4d5d51d104c2b7fd821dca4
SHA1

e2d960deb79d51d21b41699fff67e4f55665b68f
SHA256

0776c9cd6364f2cd70d0ec1f99306ba7a5713e0f15c8f36424d9bcacfe9928d9
SHA512

2bbca24bedf74752e4d6f2160b74b8addbbf900fa45f48a1bd4d488743cfee154785e479068662641427eb554e2cead92237d000fe1c01accc6713d3a7b7b17b
SSDEEP

384:MTfu6tiiMKbmR1fHBwnnvhR8k1lC94dIkf8jEc3Q:MTfrtWnvfHBwnvP8k1bf43Q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2084	dpdnj.exe

Loads dropped DLL 1 IoCs

pid	Process
2732	5773a121b4d5d51d104c2b7fd821dca4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2084	2732	5773a121b4d5d51d104c2b7fd821dca4.exe	28
PID 2732 wrote to memory of 2084	2732	5773a121b4d5d51d104c2b7fd821dca4.exe	28
PID 2732 wrote to memory of 2084	2732	5773a121b4d5d51d104c2b7fd821dca4.exe	28
PID 2732 wrote to memory of 2084	2732	5773a121b4d5d51d104c2b7fd821dca4.exe	28

C:\Users\Admin\AppData\Local\Temp\5773a121b4d5d51d104c2b7fd821dca4.exe
"C:\Users\Admin\AppData\Local\Temp\5773a121b4d5d51d104c2b7fd821dca4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Users\Admin\AppData\Local\Temp\dpdnj.exe
  "C:\Users\Admin\AppData\Local\Temp\dpdnj.exe"
  2⤵
  - Executes dropped EXE
  PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\dpdnj.exe

Filesize
28KB

MD5
fc6bbcfde6598c4c19707516a8d8e8d6

SHA1
bdc247961e2fdfaa00e86b5fbf4a2160a84da053

SHA256
5ec612aabc5d87c26b32ce331503bec394b57a95237adfb1652708e7f94c517e

SHA512
584719884f712fa16e0c694ac03c0610d6b45540ee829fe4df9f0f2a31961d7ee00691806398b557c189179643a8b3b3839001fb304615790edb4c7fe92de484

Download Submit
memory/2084-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2732-1-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download