1f0ae530b0b7dea5e985bc56f1e76e502817e7eb633ec6d26252c2adf64e7fc7

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
09/04/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dcc35727d7e438ab93085701fdabb69e.exe
Size

44KB
MD5

dcc35727d7e438ab93085701fdabb69e
SHA1

1941da805bc6acf5525e1924ac0b263a48c34d00
SHA256

1f0ae530b0b7dea5e985bc56f1e76e502817e7eb633ec6d26252c2adf64e7fc7
SHA512

fc06461421a091dc0efab6ad96507ce70de6dbb5e1dad1c3ab616c4ab92676ae5353b5907445932e584657ca507536d3d397e6c0e038c29bb7ba9bf66ad00fca
SSDEEP

768:OIHfj3hVSRJt+UaVtN908DHDHZ5lm+Li8w:OCDhVSRJYJ9vbDMj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1360	wefi.exe

Loads dropped DLL 1 IoCs

pid	Process
1728	dcc35727d7e438ab93085701fdabb69e.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1728 wrote to memory of 1360	1728	dcc35727d7e438ab93085701fdabb69e.exe	29
PID 1728 wrote to memory of 1360	1728	dcc35727d7e438ab93085701fdabb69e.exe	29
PID 1728 wrote to memory of 1360	1728	dcc35727d7e438ab93085701fdabb69e.exe	29
PID 1728 wrote to memory of 1360	1728	dcc35727d7e438ab93085701fdabb69e.exe	29

C:\Users\Admin\AppData\Local\Temp\dcc35727d7e438ab93085701fdabb69e.exe
"C:\Users\Admin\AppData\Local\Temp\dcc35727d7e438ab93085701fdabb69e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Users\Admin\AppData\Local\Temp\wefi.exe
  "C:\Users\Admin\AppData\Local\Temp\wefi.exe"
  2⤵
  - Executes dropped EXE
  PID:1360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\wefi.exe

Filesize
44KB

MD5
91809be6001f5441811446b091203d96

SHA1
b23727e2974407de99f24e8a68382cf1e2ff4f7d

SHA256
7fbfee4ada5156ff9e6ff9d8de16584d36e01cd37bf4788e1a9466faf91f231d

SHA512
4ecec2ec9ecc7971b689217878a9ee68f42786e513348b758c1a3e74641a1b3b4cd74493bfe20d2980542ec5a3e6f7fed83ef2d44a4cb8e3c4c487840027b935

Download Submit
memory/1360-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/1728-1-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download