fb07ccd3cd253b4d549edc2eb5decfacffbb20f2246a6222ba8a75b3d243fb0d

Resubmissions

21/05/2024, 11:15

240521-nc2n7sbe75 7

21/05/2024, 11:12

240521-nbbfmabd99 7

Analysis

max time kernel
27s
max time network
29s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21/05/2024, 11:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

117KB
MD5

541c397752f12052e3924e53c77932f9
SHA1

a4717a37069fd117519fc4a9cad13b92aee968f6
SHA256

8dc96687684e9643d0a93b3a02dadc815d14b63b0abbec987867385fc938c01a
SHA512

7da79fefc1887111fd278dd74d67a75bdabc9d5a2577340ebcefab5aefc06f71cd3b75a494724ef9c416122da20e51f0f56707516881c11280f6f1e91f9c7bb6
SSDEEP

3072:FbG7N2kDTHUpouh5LlP3qFhI+KJ8pDT78WwGry0Al:FbE/HUpBW6+4+v+FNl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2308	Un_A.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 216 wrote to memory of 2308	216	Uninstall.exe	83
PID 216 wrote to memory of 2308	216	Uninstall.exe	83
PID 216 wrote to memory of 2308	216	Uninstall.exe	83

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:216
- C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe
  "C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe" _?=C:\Users\Admin\AppData\Local\Temp\
  2⤵
  - Executes dropped EXE
  PID:2308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\~nsuA.tmp\Un_A.exe

Filesize
117KB

MD5
541c397752f12052e3924e53c77932f9

SHA1
a4717a37069fd117519fc4a9cad13b92aee968f6

SHA256
8dc96687684e9643d0a93b3a02dadc815d14b63b0abbec987867385fc938c01a

SHA512
7da79fefc1887111fd278dd74d67a75bdabc9d5a2577340ebcefab5aefc06f71cd3b75a494724ef9c416122da20e51f0f56707516881c11280f6f1e91f9c7bb6

Download Submit