Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-04-2024 21:34

General

  • Target

    4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2.exe

  • Size

    58KB

  • MD5

    7ae9b9e84a37052f966b25f59217948e

  • SHA1

    350ead044887301358c8750876205aae2403cce0

  • SHA256

    4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2

  • SHA512

    873a9d40c2d77c37e964b8e5d4e4c914e0fb0baf1f3d2178ca6d933dacbcb1ca7cd38e7e9b560bb61bbe0de6f1e5afc08ece3123e8e94663904a597a2e5aa6ce

  • SSDEEP

    1536:u71oupKBmSGg8vmemBg5mdVzvPzsMF/xl:uBvpGeatx/3

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2.exe
    "C:\Users\Admin\AppData\Local\Temp\4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2784
    • C:\Users\Admin\AppData\Local\Temp\4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2.exe
      "C:\Users\Admin\AppData\Local\Temp\4e004cb79ab58c24f48a68f1b9cab149cf23909968f40ac2ee2cdd368f16c1c2.exe" end
      2⤵
        PID:2928

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • memory/2784-0-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB

    • memory/2928-1-0x0000000000400000-0x0000000000413000-memory.dmp

      Filesize

      76KB