1fd9d600d4a83e76248ac860f0922292a5e124bf99510f346af0041c668e947b

Analysis

max time kernel
91s
max time network
17s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 20:56

Target

NinjaGotALowTaperFade.exe
Size

3.1MB
MD5

51519dec44b5e5a5350ca3a52207049c
SHA1

1675dc9f30bc0b9f150b94469eb9937be3c47a5a
SHA256

1fd9d600d4a83e76248ac860f0922292a5e124bf99510f346af0041c668e947b
SHA512

9f0a211cec627c59dcf7009ff99f6e1d15370628a314bfffb6d4cded935e44eeff3aebe81e21e3ce8691a64cf3893d07834b15619a2071db7ee3b942b1ffa4c5
SSDEEP

98304:aDUIaft04zDMxp+KNW1bvJyc5hN0qW4d9HXG:E8g

Score

7^/10

Executes dropped EXE 1 IoCs

Processes:

MicrosoftWebHelper.exe

pid process

2988 MicrosoftWebHelper.exe
Loads dropped DLL 1 IoCs

Processes:

NinjaGotALowTaperFade.exe

pid process

2360 NinjaGotALowTaperFade.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2988	MicrosoftWebHelper.exe

pid	process
2360	NinjaGotALowTaperFade.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

NinjaGotALowTaperFade.exe

description	pid	process	target process
PID 2360 wrote to memory of 2988	2360	NinjaGotALowTaperFade.exe	MicrosoftWebHelper.exe
PID 2360 wrote to memory of 2988	2360	NinjaGotALowTaperFade.exe	MicrosoftWebHelper.exe
PID 2360 wrote to memory of 2988	2360	NinjaGotALowTaperFade.exe	MicrosoftWebHelper.exe

C:\MicrosoftWebManager\MicrosoftWebHelper.exe
"C:\MicrosoftWebManager\MicrosoftWebHelper.exe"
2⤵
- Executes dropped EXE
PID:2988

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\MicrosoftWebManager\MicrosoftWebHelper.exe

Filesize
3.1MB

MD5
51519dec44b5e5a5350ca3a52207049c

SHA1
1675dc9f30bc0b9f150b94469eb9937be3c47a5a

SHA256
1fd9d600d4a83e76248ac860f0922292a5e124bf99510f346af0041c668e947b

SHA512
9f0a211cec627c59dcf7009ff99f6e1d15370628a314bfffb6d4cded935e44eeff3aebe81e21e3ce8691a64cf3893d07834b15619a2071db7ee3b942b1ffa4c5

Download Submit
memory/2360-5-0x000000013FB80000-0x000000013FCE8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-6-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-7-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-8-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-10-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-11-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download
memory/2988-13-0x000000013FA60000-0x000000013FBC8000-memory.dmp

Filesize
1.4MB

Download