Analysis

  • max time kernel
    147s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-04-2024 15:10

General

  • Target

    file.exe

  • Size

    49KB

  • MD5

    705685a8deace858e7fc849471c045f3

  • SHA1

    10132365b465a6f231c8e292f462c2d005b4f9b0

  • SHA256

    7ff9182009a077962d7c00b287caaa60fe7888e5d6cf6018c14f967a2441a3f9

  • SHA512

    b9dd7d5ca384ff4ad053d5f01d721f1180b1028e40c96cd94e04f2b2965e2f4be6cf4d2595f67c3e62039320b517e32200ffec165a9c544344d666732a57c56d

  • SSDEEP

    1536:XferrLkSRoe8C4UZsys0Dh1duFpyFI+Plt:Xfi3k+oWDBDh1duFpXWlt

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2828
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "C:\Users\Admin\AppData\Local\Temp\nsp38D4.tmp\lood.bat"
      2⤵
        PID:4836

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsp38D4.tmp\INetC.dll

      Filesize

      25KB

      MD5

      40d7eca32b2f4d29db98715dd45bfac5

      SHA1

      124df3f617f562e46095776454e1c0c7bb791cc7

      SHA256

      85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

      SHA512

      5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d