2d52c1f4a95db6bcad65d971a218e7b3b18a35e404e43fb53f340f635397e216

Analysis

max time kernel
118s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
14-05-2024 04:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

updated.exe
Size

14.3MB
MD5

0ac2a69ee4ce6071a0fddd453ec9c780
SHA1

2c9e6f1183aa56dd08d1e49345c6d7a5094c13f7
SHA256

2d52c1f4a95db6bcad65d971a218e7b3b18a35e404e43fb53f340f635397e216
SHA512

f4f5c54303ef9eaae6e05844c6ca3c6f12ad7c259a71dc1f7e2a8bd8a05a5ba51459eb28905fcc25a1bcac6ebba66581b31abefad53ff5a56b37fee9b6bfe796
SSDEEP

393216:D3BAnExX5UULTyEg7AhubVYxhSYkm8EGZBeci0ldAVlI:DbxLTyzAhs0DVGZBe50A

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

updated.exe

pid process

2648 updated.exe
Loads dropped DLL 2 IoCs

Processes:

updated.exeupdated.exe

pid process

2576 updated.exe
2648 updated.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2648	updated.exe

pid	process
2576	updated.exe
2648	updated.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

updated.exe

description	pid	process	target process
PID 2576 wrote to memory of 2648	2576	updated.exe	updated.exe
PID 2576 wrote to memory of 2648	2576	updated.exe	updated.exe
PID 2576 wrote to memory of 2648	2576	updated.exe	updated.exe

C:\Users\Admin\AppData\Local\Temp\updated.exe
"C:\Users\Admin\AppData\Local\Temp\updated.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\onefile_2576_133601335544138000\updated.exe
"C:\Users\Admin\AppData\Local\Temp\updated.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2648

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2576_133601335544138000\python310.dll
Filesize
4.2MB

MD5
e9c0fbc99d19eeedad137557f4a0ab21

SHA1
8945e1811ceb4b26f21edcc7a36dcf2b1d34f0bf

SHA256
5783c5c5a3ffce181691f19d27de376a03010d32e41360b72bcdbd28467cfcc5

SHA512
74e1289683642ae2bc3cf780a07af1f27fed2011ef6cc67380f9c066c59d17a2fb2394a45a5c6cd75dad812a61093fdbd0f2108925f5c58fc6644c1c98be5c0b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2576_133601335544138000\updated.exe
Filesize
26.2MB

MD5
4a747bc8ff3ed295de62f7a92c02447c

SHA1
7b23c7502e4a2dad62f8374021819e5c4ed5dd61

SHA256
f08639b1d6520e3eb608eb1c58528e8a58b922ed85dcdfc8e2d1a82753eb5a1a

SHA512
bb35105bd6f44e76f28b1c8c9c955c4a13ee6d13d7f2fc8178cd3cf1d4db27ff4dc61ccefbb06e8bf2e5fbb1d0d29e72765c616e184fd0f23db2ac202416ef3e

Download Submit
memory/2576-126-0x000000013F820000-0x0000000140689000-memory.dmp

Filesize
14.4MB

Download