2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe
Size

87KB
MD5

ab378d6539627c52dbfc272c83eb420c
SHA1

039060f0fdefbe0a62147a7bbad9b1a526a78d61
SHA256

2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2
SHA512

afe3be5f89ad67e2c4440d44c6ed890853eecb6cf34faed20d61ae49f30fa30a5cc390393b3ef4609a34a2121b6831cacf00ee6aa62c268e0b9fce0223bb0222
SSDEEP

1536:L7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIfNxFOy:Hq6+ouCpk2mpcWJ0r+QNTBfNZ

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe

description	pid	process	target process
PID 1708 wrote to memory of 1988	1708	2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe	cmd.exe
PID 1708 wrote to memory of 1988	1708	2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe	cmd.exe
PID 1708 wrote to memory of 1988	1708	2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe	cmd.exe
PID 1708 wrote to memory of 1988	1708	2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe	cmd.exe

C:\Users\Admin\AppData\Local\Temp\2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe
"C:\Users\Admin\AppData\Local\Temp\2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1708

C:\Windows\system32\cmd.exe
"C:\Windows\sysnative\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\3331.tmp\3332.tmp\3333.bat C:\Users\Admin\AppData\Local\Temp\2a0ac2b38c51d764422f55d55a0bca58be786c10b0b1386c5dce3055894c0ef2.exe"
2⤵
PID:1988

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\3331.tmp\3332.tmp\3333.bat
Filesize
202B

MD5
040dc40ccd7346ace502b30584d4d5a0

SHA1
886b8f5f079db8f5569235aa6dff74c1cf89942d

SHA256
f209745a8497c9b93a16dda0bf627dc88662184b00658013fec202e129f64450

SHA512
0319239eaebf27ff0f6c4be1b9f737da31d39faccbf47f6d0a0506d2771515928b38981d75365a0307defd530ff68b4de37d0af89519d052037782a741c7dc02

Download Submit