07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c

Analysis

max time kernel
120s
max time network
121s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:21

Target

07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe
Size

1.5MB
MD5

18f4a01dc6640db5daacf4c675f2cee9
SHA1

cc816c7f032c1cfb28b57c24b7afdd7a5534b59a
SHA256

07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c
SHA512

e9877dfe3b213f65b69008e4022e118521da91f3c43f037d1636465603b42f797f393c4c7f6624d664e3acf364f53c56706edae3591c8b8e2a62e0ecb461a179
SSDEEP

24576:nQM01OCFdVxszHq+ccHLes6Lypkh3nQTmRgxrI7oZBzI4rEnD:QHpV6rxqm84mRgpsoZB4

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

TailoredDeploy.exe

pid process

2544 TailoredDeploy.exe
Loads dropped DLL 1 IoCs

Processes:

07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe

pid process

1200 07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2544	TailoredDeploy.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe

pid	process
1200	07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe
1200	07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe

description	pid	process	target process
PID 1200 wrote to memory of 2544	1200	07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe	TailoredDeploy.exe
PID 1200 wrote to memory of 2544	1200	07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe	TailoredDeploy.exe
PID 1200 wrote to memory of 2544	1200	07e9a7732890cf06e479fee41218eefe404eff1bb29f888d9384752ec8d51e6c.exe	TailoredDeploy.exe

C:\ProgramData\spptools\TailoredDeploy.exe
"C:\ProgramData\spptools\TailoredDeploy.exe"
2⤵
- Executes dropped EXE
PID:2544

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\ProgramData\spptools\TailoredDeploy.exe

Filesize
344KB

MD5
83c5a1d9ef909dbcf4b00224c4163616

SHA1
24897b939bcd2981c705001683a0bc846ceb0de7

SHA256
09d69306c8689f9d47a20b881b441b6e207b897aa6e79888c608aec9181137a8

SHA512
a807c8c2b5c41d5c1a04d9f93e8a83f77e7b17646d0a309ad639c4513a573034a9cfac7613de98646666f02430d951179f22bfd764fd52d0dd22b0700f66d2a9

Download Submit