12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691

General

Target

12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe
Size

6.6MB
MD5

64f3e14650cfa8ad34d2bf90cd41e082
SHA1

0d82a34f554342d30bea3fa21ebd7ec8e1fc395c
SHA256

12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691
SHA512

dd136047e2c33b42a72bffa39d280ab63f6b189368bc6b6ff8475731c517d644c6ccd4ae4a8f30c54ad28f9db69838b70c1a4a195dc0b66f47d09f2e0c692161
SSDEEP

98304:uCSa4v3dAm8U5ipZ1G7aLxZf1w51p6LDCv4olr4yWWsfTjyJmMoEKQpogf2D:ula4/N8BpmCDf251Xv4oNn6/yprp3S

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

hcbnaf.exe

pid process

2700 hcbnaf.exe
Loads dropped DLL 1 IoCs

Processes:

12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe

pid process

1888 12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exehcbnaf.exe

pid process

1888 12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe
2700 hcbnaf.exe

pid	process
2700	hcbnaf.exe

pid	process
1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe

pid	process
1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe
2700	hcbnaf.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe

description	pid	process	target process
PID 1888 wrote to memory of 2700	1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe	hcbnaf.exe
PID 1888 wrote to memory of 2700	1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe	hcbnaf.exe
PID 1888 wrote to memory of 2700	1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe	hcbnaf.exe
PID 1888 wrote to memory of 2700	1888	12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe	hcbnaf.exe

C:\Users\Admin\AppData\Local\Temp\12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe
"C:\Users\Admin\AppData\Local\Temp\12f0f76abdf6223e604587f961c1aa9a5d423c38f2f807bc42b148861414c691.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1888

C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
"C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
2⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2700

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hcbnaf.exe
Filesize
6.6MB

MD5
a3faec8c1e2ad37cb0ac0578ac5609f9

SHA1
75337d7da130f66ffe9f597e331a8691428a3176

SHA256
d20b7bd8e4b275450dbec5c7cf5f6a961702723ae1a8bd44469a9d74ca88c420

SHA512
dddd0f7748edca06cc7b35e7e38a891b2b67f40333b0731746e0f981d385d77cf1e409e77510809563a9cb96216e0a6a439fb62c430b1ccb72a5f188c58cf4a7

Download Submit
memory/1888-8-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1888-20-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1888-15-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1888-6-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1888-36-0x0000000000DC0000-0x0000000001827000-memory.dmp

Filesize
10.4MB

Download
memory/1888-38-0x0000000000DD1000-0x000000000118C000-memory.dmp

Filesize
3.7MB

Download
memory/1888-35-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1888-33-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/1888-30-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1888-28-0x0000000000190000-0x0000000000191000-memory.dmp

Filesize
4KB

Download
memory/1888-25-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1888-23-0x0000000000140000-0x0000000000141000-memory.dmp

Filesize
4KB

Download
memory/1888-39-0x0000000000DC0000-0x0000000001827000-memory.dmp

Filesize
10.4MB

Download
memory/1888-49-0x0000000000DC0000-0x0000000001827000-memory.dmp

Filesize
10.4MB

Download
memory/1888-18-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1888-11-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1888-10-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/1888-0-0x0000000000DC0000-0x0000000001827000-memory.dmp

Filesize
10.4MB

Download
memory/1888-13-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/1888-5-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1888-3-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1888-41-0x0000000000DC0000-0x0000000001827000-memory.dmp

Filesize
10.4MB

Download
memory/1888-48-0x00000000045C0000-0x0000000005027000-memory.dmp

Filesize
10.4MB

Download
memory/1888-1-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/1888-50-0x0000000000DD1000-0x000000000118C000-memory.dmp

Filesize
3.7MB

Download
memory/2700-93-0x0000000000E21000-0x00000000011DC000-memory.dmp

Filesize
3.7MB

Download
memory/2700-66-0x0000000000110000-0x0000000000111000-memory.dmp

Filesize
4KB

Download
memory/2700-76-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2700-89-0x0000000000E21000-0x00000000011DC000-memory.dmp

Filesize
3.7MB

Download
memory/2700-74-0x0000000000130000-0x0000000000131000-memory.dmp

Filesize
4KB

Download
memory/2700-91-0x0000000000E10000-0x0000000001877000-memory.dmp

Filesize
10.4MB

Download
memory/2700-90-0x0000000000E10000-0x0000000001877000-memory.dmp

Filesize
10.4MB

Download
memory/2700-71-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/2700-61-0x0000000000100000-0x0000000000101000-memory.dmp

Filesize
4KB

Download
memory/2700-56-0x00000000000F0000-0x00000000000F1000-memory.dmp

Filesize
4KB

Download
memory/2700-51-0x0000000000E10000-0x0000000001877000-memory.dmp

Filesize
10.4MB

Download
memory/2700-92-0x0000000000E10000-0x0000000001877000-memory.dmp

Filesize
10.4MB

Download

Analysis

Sharing