Analysis
-
max time kernel
132s -
max time network
101s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
-
submitted
22-05-2024 23:48
General
-
Target
$1/$OUTDIR/sftp_plugin/tc_sftp_uninstaller.exe
-
Size
59KB
-
MD5
e04b1bbeaff6221daf4d4ae0ed7fd00c
-
SHA1
cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
-
SHA256
36b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
-
SHA512
2f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334
-
SSDEEP
768:j9qjtOoh/pZbvc+HX+fFXSJA/mIj6qkzry8F9zGPVzISJRnHzioSe4bU/iXAB8+O:j0joUxZbE+HOI66qkryz9zIMipGVW3
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\tc_sftp_uninstaller.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe"C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe" _?=C:\Users\Admin\AppData\Local\Temp\$1\$OUTDIR\sftp_plugin\2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exeFilesize
59KB
MD5e04b1bbeaff6221daf4d4ae0ed7fd00c
SHA1cbe6a9e349a6711dc9e040e15ec32345c1bb7aee
SHA25636b1104781e2c77a1e76593e697ac99621f27db3bfd5c282f7ae3579bf510a5b
SHA5122f8523b1fd5bed682dc841292a5523eabbd49fea71b1e088a5080c375ed8e67b22e95e60129516d96bd720845a1c27fd37fd993d1cadfd81296176f683066334