Analysis
-
max time kernel
147s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240419-en -
resource tags
arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system -
submitted
26-04-2024 15:10
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20240419-en
Behavioral task
behavioral3
Sample
$PLUGINSDIR/INetC.dll
Resource
win7-20240215-en
Behavioral task
behavioral4
Sample
$PLUGINSDIR/INetC.dll
Resource
win10v2004-20240419-en
General
-
Target
file.exe
-
Size
49KB
-
MD5
705685a8deace858e7fc849471c045f3
-
SHA1
10132365b465a6f231c8e292f462c2d005b4f9b0
-
SHA256
7ff9182009a077962d7c00b287caaa60fe7888e5d6cf6018c14f967a2441a3f9
-
SHA512
b9dd7d5ca384ff4ad053d5f01d721f1180b1028e40c96cd94e04f2b2965e2f4be6cf4d2595f67c3e62039320b517e32200ffec165a9c544344d666732a57c56d
-
SSDEEP
1536:XferrLkSRoe8C4UZsys0Dh1duFpyFI+Plt:Xfi3k+oWDBDh1duFpXWlt
Malware Config
Signatures
-
Loads dropped DLL 1 IoCs
Processes:
file.exepid Process 2828 file.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
file.exedescription pid Process procid_target PID 2828 wrote to memory of 4836 2828 file.exe 87 PID 2828 wrote to memory of 4836 2828 file.exe 87 PID 2828 wrote to memory of 4836 2828 file.exe 87
Processes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
25KB
MD540d7eca32b2f4d29db98715dd45bfac5
SHA1124df3f617f562e46095776454e1c0c7bb791cc7
SHA25685e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9
SHA5125fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d