4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24/04/2024, 21:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe
Size

1.3MB
MD5

eff4e6518348aa591b2814b5a0bd3138
SHA1

6e04fa11c85acdc9ac393268733baaaba4aa958f
SHA256

4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47
SHA512

e5b9bc5cd609bb85f5e1c751a395052edfbbb820c4c2774195e7060cf6ea26bb452faffc2f32d8e859114499c4c6a694eb9d5c79326be506a43d0904190270ca
SSDEEP

24576:kT/GtKVQA0QJo3Jw4PlaoHFnzokLWQcdNf8Q0qDNSVk5UzZlarPz6QutA6QjE5SK:kTaZAq6yZ5zprcdp1DNSa5UldQogpheB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2272	jp2lt.exe

Loads dropped DLL 1 IoCs

pid	Process
2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28
PID 2228 wrote to memory of 2272	2228	4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe	28

C:\Users\Admin\AppData\Local\Temp\4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe
"C:\Users\Admin\AppData\Local\Temp\4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\jp2lt.exe
  "C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\jp2lt.exe" -litename "4d4adc37fb2c89efe5c3482ae40d409b6cdd343367dc3eba5333b86a5debbf47"
  2⤵
  - Executes dropped EXE
  PID:2272

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\Default.spk

Filesize
110KB

MD5
bd74a4b30418260dd7caa695000eb8e4

SHA1
e7aa3f336ca0658f97ce94b9650b14d6eb2bac36

SHA256
871a247c75d50381109862a81b7501521ada711a85ad2400474a15bfafad6766

SHA512
05d261e3c8446f427646e29bf5581e03f16bab4ab34abbdaf7be7cd5554ab54e92fe260e867057dbfdfc018bcf328b9b1a966cda9ab324e27751af16d4251883

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\Puzzles\px3119831.pzl

Filesize
730KB

MD5
497707118887675516c789e161345112

SHA1
7e2eb712430c31c25805a562921cf72e12b8cf4a

SHA256
59e665485ea73c746af20f0e8221cfad5878c027ae8d24219d39cac55a08d16c

SHA512
0b52500137bac816b9c45c43d834fd93b9a08abf6e6ce5c47f408d9af3a6141a213a1ae37c24d7ffe9f99f91ac83e131e1c2146973c60fdefd4cd97e57cf2351

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\data.pck

Filesize
11KB

MD5
810261516945f6611547d7c67883a0ca

SHA1
6c607c52277a7063acd623d2ebf8f917c9420463

SHA256
5dc5a977b099f4645ebab6271442d13457bfc7a91564700dc982b292933b574f

SHA512
0d44ad0f0cc833bfb0880008de607765e25f908d883186e153f3537e9da3d5e1594b6d4524f765a40602af591d8e82901080f8775cffd3734d57dbec1349cb40

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\english.lng

Filesize
17KB

MD5
31b0db710db76b64a0aebd5293ab6385

SHA1
377ba394d5dd8acfb61409d2a55ce1eb968ebe36

SHA256
552b36b0c8e752cd08bc52c4322bc4f7f772950bf30908f0decc22f6f58f8d36

SHA512
64d81cc76ee0c3c2df2772174577494ba42e247a0f862010b5ab617fab1920dd87b3a47e77e7d9ed33976a3a7484cc84d69b67adb23ef5ce294c8d178e87ae26

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\index.ini

Filesize
85B

MD5
e1d5ae44b80abb3d08c79802dd628105

SHA1
edc03503e2c02663d4578e4d90b8fa9e5b5b8379

SHA256
ca12b50de0fdf7ff149335f5280cdcade13989beb39695fe460fab454632126f

SHA512
8acfc532c3463fed80887ff3bc5f8b38d023af72a4900d19c4324ad9a74433e07619d503fc8a7bee7709a5d98913c755d644d84124cce53a7204176c9e999531

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\lite.lng

Filesize
917B

MD5
d6a6b435d0fae8bea7cf58f9e6556918

SHA1
b0c37e4c0b389e321274a29f2ff0e6c49cc26495

SHA256
b5bf33f1e3d183ff260b925b4bfaa46871f1a0e03357ccdad8fff05b26066423

SHA512
e664794bcaccbf86f6c3d4424427a9062f6ab82d6f2dfe07a13aea3e315fa114213d445a084e8e543075f3e5a9d82c0a1f179a7c257b425fb51e7ba4016b3229

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
3KB

MD5
abd666664051fd754eeba4d47082d9ff

SHA1
73ce9a2f323bd031219d833469094a5f281792da

SHA256
1500a7c10636a680069e45205e41e3a65b9e255100ba6e0d6e0a7aa0e3cde5d9

SHA512
379b5dc21794d2dc9ee6d0981bdd7b0d7d48f9449c4fc07aa2b38b3a5eb857a9e19caedb697434f2944254f1e8c10645eee6cec08221f155b6e83fae57133385

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
4KB

MD5
f19a771b6bbe5489da8e8e14af2ea041

SHA1
d8cceeed73759fa095deeee47c37dbaec3b87cc9

SHA256
3fb3b6d4aaaa4efd99d964ce8380eaf2bf5d87135847b2ce50962d1833c0327d

SHA512
a4167a0df49b3b57d368bf5dd4aa139a5d2f60414d4f0acab6b853a886211820618b8ceafa357f45e4ded051af793d34c7b8f80080f9de6101813bdeecef808f

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
607B

MD5
5e0b40d5ff72a3c5adc5fe8b431bc63d

SHA1
202c9195b2d4aac12c08acca883a4f30913fe2bb

SHA256
b74d1876e87ff99ad92596d1f86b223905c8125afd57e66126f6e454fc809198

SHA512
c06f3847db286240411603d2c6dca7769babe64ab0f1877cafb0af2ae22bd5f6c1df3b67ec9a69fa0a576e2b83e69e5c18ea8d7ae50b0550e405caf2fd847f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
867B

MD5
96f46583ce595c31db048d5195fe3e17

SHA1
1fa325c24e92ee6a21b1a1a2424c622d27708c55

SHA256
bf5f4ebb01337a07d98d85773b0dc1af30888c3c3b373ac8862ca2c690ef1af7

SHA512
b82dbe169117ada79c02c26671e51a61e9f51f0983f24800856c2c7f84badf1900211c004c94095b784a6491e82529b7255c58ae67c253595d34c31dce244d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
1KB

MD5
918a3ee246bf8dc9a94de6737f6182c9

SHA1
6f4b43e84b7f5747d0a396c6143c867aad61ebe5

SHA256
9ad381317f0ce086b5c7244b6cc75c232825f3e9ac62680c94b30be6527c9551

SHA512
86524c79079035b4bc285c84eb52dad9a06e12009753ab22d15eba74e6d3218fab9a31f79fc6cbdccca15efc38ec9661cde5572d361cb71607d8a29b4727f8b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
1KB

MD5
cf8899811d43de95f8d07b920636be74

SHA1
4aa810bc5b41b99e91eddef67234295b1795befe

SHA256
efc8b5c5043735d38c2aa8374d139cad4ac77311f191a9157b89e1a2301b6fbd

SHA512
d13a51c55b2b9a114b8795fcc503d1fb7ca8f22e4e0b4bcf823b285b58fe14e5094a041aab18389e543aa4bffaa043b50f08aa7aa60e23a28de5654a08df0527

Download Submit
C:\Users\Admin\AppData\Local\Temp\tll1584.tmp\log.txt

Filesize
2KB

MD5
ae93a6ef3dc4eacfca4660d9ffc1fb3d

SHA1
2f7ae5f596ff366cb32de9cdde8a4e5d98aed1de

SHA256
8edff34063125410ee8303aa7e279cd605f3a4da6abc73219958fab8564ad4c8

SHA512
dd87c838ae0c759697b4e7819df9dcce3ec39cb9941c417945312bf641426b7054613481c7e352fcf0e134913133eb73d5348d964903c3f99c3192f790ad2e01

Download Submit
\Users\Admin\AppData\Local\Temp\tll1584.tmp\Jp2lt.exe

Filesize
789KB

MD5
15701d07ec8cd1de2346eaa5369233fd

SHA1
56beebcb3b8dedfe20eca5eccb1a4e9eabd26299

SHA256
9796aeeced9ba10402137ac2081073fe6c6ba7d2fffdf1db18a265cff48b8970

SHA512
238a69e5f9161bf9097626379ca45683f523300e03b038e2a76d3ed9eee63903b4fc0839f318844ac1c5ebeeceaead74f021fd36e663eac33b94eb8cf7a27b24

Download Submit