78678a494c1eabd5894b4b58106d0641754f786c7ce81bbd46d0faca7633a392

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
10/04/2024, 11:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.DEL_SGM.exe
Size

300KB
MD5

17f80028ef75934afc8750a29ba1b3b1
SHA1

10d81e05985f675fe6e75174c72689e3c6dcedf5
SHA256

78678a494c1eabd5894b4b58106d0641754f786c7ce81bbd46d0faca7633a392
SHA512

074a3a2491d15b3e28f5de0c2bd0e53c1a0b683bc6bddd26e2b3368223fb3cdc30f531063a2c146d37ca9a51444113b3d3c9226e5ea8b1b7e29ef817da79cdce
SSDEEP

6144:Vt5hBPi0BW69hd1MMdxPe9N9uA069TBZeIWSPX:Vtzww69T/4SP

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Kills process with taskkill 1 IoCs

evasion

pid	Process
2032	taskkill.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2032	taskkill.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 944	2956	1.DEL_SGM.exe	28
PID 2956 wrote to memory of 944	2956	1.DEL_SGM.exe	28
PID 2956 wrote to memory of 944	2956	1.DEL_SGM.exe	28
PID 944 wrote to memory of 2032	944	cmd.exe	30
PID 944 wrote to memory of 2032	944	cmd.exe	30
PID 944 wrote to memory of 2032	944	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\1.DEL_SGM.exe
"C:\Users\Admin\AppData\Local\Temp\1.DEL_SGM.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Windows\system32\cmd.exe
  "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6E4.tmp\6E5.tmp\6E6.bat C:\Users\Admin\AppData\Local\Temp\1.DEL_SGM.exe"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:944
- - C:\Windows\system32\taskkill.exe
    taskkill /IM SigmaPlus.exe /f
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2032

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\6E4.tmp\6E5.tmp\6E6.bat

Filesize
200B

MD5
80a6afe81c6136b9728559a31b302182

SHA1
c5eed95b08f39ddee668732c9201d3326af846f2

SHA256
af3262deffebcdea8a03720bbb4b7cf42212747acb8da089633ef47caeac1109

SHA512
b623ab7f340b6c0614ca24b30645e3a0f7125d00ce35c0a92b8a549dcee14f116a49184ffc622e060df40f0e4807e87d3cd106d70bcf0e5d36f46d48587fe3b5

Download Submit