b584e51d2963e09d6131b4478278aae81f8671eab799780a03a85b37b0546844

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
11/05/2024, 09:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_3_.exe
Size

1.7MB
MD5

d4c16982f8a834bc0f8028b45c3ae543
SHA1

9d9cec9af8f23a23521e20d48d9af1024663a4a7
SHA256

932badf8ce27381bd595c9d861d7f7142fe98f233a893a2003a5f5e5ec163b3b
SHA512

c94b8d978afac107c08a5405cf9510e48d4bcf1284292eee1d08898f1c7a43a83a9655dc4d85d27d3b825e45a8f136c7beb71405fab94bb5e2437b7c4ad44b5c
SSDEEP

49152:n7mrmYPoEHVGTWFkO4ITVpSuEqM/vrM3rA3SuN5:km2Z12WFYFVf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2348	$_3_.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2348	$_3_.exe
2348	$_3_.exe
2348	$_3_.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2348 wrote to memory of 2928	2348	$_3_.exe	30
PID 2348 wrote to memory of 2928	2348	$_3_.exe	30
PID 2348 wrote to memory of 2928	2348	$_3_.exe	30
PID 2348 wrote to memory of 2928	2348	$_3_.exe	30

C:\Users\Admin\AppData\Local\Temp\$_3_.exe
"C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2348
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\15914.bat" "C:\Users\Admin\AppData\Local\Temp\1F524389CCA64669A3B73C83E48C8E17\""
  2⤵
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\$I2B98BE

Filesize
544B

MD5
90fbdee976b45b988e4aaa520f78fae3

SHA1
976a6f1d4ca01754a4c36ecf7bc00ca4f0bb3aed

SHA256
3cb125485d55e7551743ed59ff6620e2abb185e439aada4c21b35ec06e14429b

SHA512
ef11613bd94a4e9c226fcd64f59653e9f48202d5cd192f1ce7c736d6d1ae555397f643df3378703edf6ee59964bcd18f7530afec46b013410040433bc10f797b

Download Submit
C:\$Recycle.Bin\S-1-5-21-268080393-3149932598-1824759070-1000\$IK07AC3

Filesize
544B

MD5
dcf1a31476a7c870b082b476992cb7cd

SHA1
f80a93e46708e6fc14b949c4d7d8e3145d813988

SHA256
5ad79dd31a95a3fa6f08bdda1c2676c661cf9161f29a1cba84df62286821e6c2

SHA512
6c1e76ba3babca1319a0716568bbfb395f53a5d11b0a9ae756b79a451dd654a7bf2f8673f092a2cdc056fad6351e2cdb8a8540ef5c092cdad6582b6ebeb9b7a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\15914.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\1F524389CCA64669A3B73C83E48C8E17\1F524389CCA64669A3B73C83E48C8E17_LogFile.txt

Filesize
3KB

MD5
9649ec1310fb389643a8aa24bc6c465d

SHA1
c3edf5e6b17dba67060423095070f4ada854911d

SHA256
134854ffcb64a772697408d14ccc059cbe8d56097a9dda810a8b6aa31cec8842

SHA512
81fb09a0fa87a7d7f362711a704b1e90c3fb51dcc5e5f4603d914c90ed84e74c819307200d6abb4492fe36f1c729990b56dfacd769951fb5f07c6336c30cec48

Download Submit
C:\Users\Admin\AppData\Local\Temp\1F524389CCA64669A3B73C83E48C8E17\1F524389CCA64669A3B73C83E48C8E17_LogFile.txt

Filesize
5KB

MD5
e1980aee2b5d6d38941f5e3df466b809

SHA1
0fdd39630e17bb5d79548efbae88311f24ed30cf

SHA256
22b516f148b6a36193cced844912e64a060b4e41ad12d5116c0709b290e2f605

SHA512
f57d3d7904e6888bbd3d66654d5e1d1ca5977b7d816509a6d6a5ec8dbdd77ef19fa3ac5cf512d3d3407b1a4e3f5c4280b5678fd60c02d29a0c5ea200bb509a41

Download Submit
C:\Users\Admin\AppData\Local\Temp\1F524389CCA64669A3B73C83E48C8E17\1F5243~1.TXT

Filesize
27KB

MD5
17c6972c1a5c854eabe49368910191e2

SHA1
ca4e547ac549dcc04e354ec032cdcb85b734e88e

SHA256
9d17a84830b485103bc573c1c91c6a42760c5298e352b5c01292622df507ae46

SHA512
a17cd9b9df95b97f1999423f54f7513386ed597f73948cda43b1490ffa9e54cd1e9fe845054a012eb28a65e382ccbef0edfa19c8facba732f16e012773682a15

Download Submit
memory/2348-67-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download
memory/2348-196-0x0000000000680000-0x0000000000681000-memory.dmp

Filesize
4KB

Download