0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb

Analysis

max time kernel
149s
max time network
151s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:03

Target

0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe
Size

5KB
MD5

a6edc88e45cdddefc02dcaaa6c0ffc2f
SHA1

37ccc25cc0e31a3d26047b13886b2c2072081cc5
SHA256

0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb
SHA512

6a890cb1c1a1e2a2ab87604a64ed4d3e2e922fd5753dea55155e0daf3d469388d9631ba5f8cc5f2cae44f178735029952374bdea480481f14988484f274c05e6
SSDEEP

48:6pTlYrITctYG+vLHmCyYfJyMmw9jAUzEVnQBG/RACalGUbw2CS7DD:mBLYtOvLGazZ6wAnQWRRUbw2CqD

Score

7^/10

Deletes itself 1 IoCs

Processes:

denis.exe

pid process

868 denis.exe
Executes dropped EXE 1 IoCs

Processes:

denis.exe

pid process

868 denis.exe

pid	process
868	denis.exe

pid	process
868	denis.exe

Loads dropped DLL 2 IoCs

Processes:

0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe

pid	process
2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe
2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe

description	pid	process	target process
PID 2856 wrote to memory of 868	2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe	denis.exe
PID 2856 wrote to memory of 868	2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe	denis.exe
PID 2856 wrote to memory of 868	2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe	denis.exe
PID 2856 wrote to memory of 868	2856	0833c4e8e1125dbc4ec18d3803be63778cf3cb2d1a77c8398f3b380c1c7e25cb.exe	denis.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ZQLLOZN\1305UKdw[1].htm

Filesize
278B

MD5
9fa1cef991fe6e8541a0c8fb5aa3a5b9

SHA1
59851a273d54ea0d43eccd328cfa594e14f7a352

SHA256
98fce9f1f8d8acce3e1c12cd42d8466d57b54ce3d78160229a0f58d7091bbbfa

SHA512
a007ef97dd8fcf2b09ceca0f56948e06fa53f86833436d5b1915dd9b622d797fd1b1a65f33ea9c46931cbda1b921ace8b66ac5713beded0c4ef56e279eb35134

Download Submit
C:\Users\Admin\AppData\Local\Temp\denis.exe

Filesize
5KB

MD5
59c69e80813ccfb47a1e0664b6daed4e

SHA1
5e8eab93edc36f310f57f8839a99921f4dfaa86c

SHA256
79e958347934d15783b07e4a2ef9d3036ba7686bdeb95b019211b5e56154cbc0

SHA512
25bd964002087e9e5be8c6c42e4d336d6499fbb5644657912a38c3a6818494726ba94dd7704fffa921c39418396aab31bb321f53812e7274f4cf69ea06154bf7

Download Submit