89502c198b10fbe247df85336806d6597b685e2e59e9369bbb04331db1fcb749

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 19:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

uninstall.exe
Size

71KB
MD5

15f510ed36c8e0cf5314a539fe212644
SHA1

b317609ff8ec5b36afaffa1561a5d1fe95f9fe80
SHA256

4a2d101232d4f5f59780af757ee2f3fb241f686c02fbf2b6f4b3245391d9bf09
SHA512

fa3aef07e37ad16053b7802c635d5a107295a173a6978a1550220433b06cf1f4bbaa445569702ede001693c1dc9ee84a33c7c46607fa97a89404288781dc068d
SSDEEP

1536:07WtphcKAh9vOQte7ptUX0ETLw2YgdLeAyN0sMQ4Lk+XkxGSvD:JrYh9vz8ptxETLNYceAQMEZvD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4820	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1000 wrote to memory of 4820	1000	uninstall.exe	85
PID 1000 wrote to memory of 4820	1000	uninstall.exe	85
PID 1000 wrote to memory of 4820	1000	uninstall.exe	85

C:\Users\Admin\AppData\Local\Temp\uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1000
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
71KB

MD5
15f510ed36c8e0cf5314a539fe212644

SHA1
b317609ff8ec5b36afaffa1561a5d1fe95f9fe80

SHA256
4a2d101232d4f5f59780af757ee2f3fb241f686c02fbf2b6f4b3245391d9bf09

SHA512
fa3aef07e37ad16053b7802c635d5a107295a173a6978a1550220433b06cf1f4bbaa445569702ede001693c1dc9ee84a33c7c46607fa97a89404288781dc068d

Download Submit