1b475e95186ce2a8843516be389b66a6c53c6b77bdac33ffcf5d00af133e7570

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 07:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

main.exe
Size

17.5MB
MD5

92f642212cdbe6ac3a8e6f48243a2489
SHA1

6c5b3c6fa506dc92cd0bb4aa36dc4ccdac77a727
SHA256

ef24286fb0f5c05f739109f955521ae44bc74b52414c05722a06daccc07ca4e6
SHA512

0af07851e1d2f014efe2ca6a943999cb746fa595dca564b18d3226bbb4866f4c4c642d6eaa2126297cbcb11fdcaa6c721a24c44d678aa643e1e2a32029480e95
SSDEEP

393216:oJT9O22UETklFz4Uu1u2u+rJvtNqe6ZNIllZEzhtMkQ:oJhTETklx4Uu1xfd1Km/EzhvQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

main.exe

pid process

2604 main.exe
Loads dropped DLL 2 IoCs

Processes:

main.exemain.exe

pid process

1968 main.exe
2604 main.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2604	main.exe

pid	process
1968	main.exe
2604	main.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

main.exe

description	pid	process	target process
PID 1968 wrote to memory of 2604	1968	main.exe	main.exe
PID 1968 wrote to memory of 2604	1968	main.exe	main.exe
PID 1968 wrote to memory of 2604	1968	main.exe	main.exe

C:\Users\Admin\AppData\Local\Temp\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968

C:\Users\Admin\AppData\Local\Temp\onefile_1968_133608371986580000\main.exe
"C:\Users\Admin\AppData\Local\Temp\main.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2604

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1968_133608371986580000\python311.dll
Filesize
5.5MB

MD5
58e01abc9c9b5c885635180ed104fe95

SHA1
1c2f7216b125539d63bd111a7aba615c69deb8ba

SHA256
de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837

SHA512
cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1968_133608371986580000\main.exe
Filesize
15.0MB

MD5
b47518a173e1dd0c6064a0e4c19b16dd

SHA1
63e59684ffe68cf6491fdc8e0ada2beac232456e

SHA256
eef1b2d466cfd73df414c4088a7f0b85bec5afc1cb7eedb529223032269704be

SHA512
814a00260d125ca08887c5e405eddfa2fee5bb57e155ceb15c20c50d88144ab6c3a3c08c23a9a82e7bcdf0dd3a4199880d2a2d45d7978595dd4fdb174c7c9a8a

Download Submit