Analysis

  • max time kernel
    66s
  • max time network
    53s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240419-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240419-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-04-2024 01:16

General

  • Target

    1c6bb4115d8b51391fd600bc70d88a8e9cc9e6406cd7f626087ff4cead341784.exe

  • Size

    49KB

  • MD5

    6781c522f3390cc4947959d168e61bbc

  • SHA1

    8c94b577b260a9a1606af373ee25ab65478d797d

  • SHA256

    1c6bb4115d8b51391fd600bc70d88a8e9cc9e6406cd7f626087ff4cead341784

  • SHA512

    e6478ff7939e4527814539962959f0a2f869960796d392f2b97b5e5a1d371319bf4d060fe1f095b29250797eb9a9d0ba934c270d838837651dc9f5db4ca9b7de

  • SSDEEP

    1536:XferrLkSRoe8C4UZsys0Dh1duFpmFI+PlU:Xfi3k+oWDBDh1duFpbWlU

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1c6bb4115d8b51391fd600bc70d88a8e9cc9e6406cd7f626087ff4cead341784.exe
    "C:\Users\Admin\AppData\Local\Temp\1c6bb4115d8b51391fd600bc70d88a8e9cc9e6406cd7f626087ff4cead341784.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2028
    • C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "C:\Users\Admin\AppData\Local\Temp\nsj372E.tmp\load.bat"
      2⤵
        PID:5096

    Network

    MITRE ATT&CK Enterprise v15

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\nsj372E.tmp\INetC.dll

      Filesize

      25KB

      MD5

      40d7eca32b2f4d29db98715dd45bfac5

      SHA1

      124df3f617f562e46095776454e1c0c7bb791cc7

      SHA256

      85e03805f90f72257dd41bfdaa186237218bbb0ec410ad3b6576a88ea11dccb9

      SHA512

      5fd4f516ce23fb7e705e150d5c1c93fc7133694ba495fb73101674a528883a013a34ab258083aa7ce6072973b067a605158316a4c9159c1b4d765761f91c513d