a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0

Analysis

max time kernel
150s
max time network
149s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:21

Target

a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe
Size

5KB
MD5

3cf2ab1f2fc87feee41193bcce48bebb
SHA1

a42c2c0d2d7b3c133acd9d77aed648ec185f5c56
SHA256

a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0
SHA512

fcf278f2c95676a9d1f59d52bf36b6cb0002189d3c8f70a9cd98678b17e92e67c15880ead6be45c94051484588fd5c016e891987edba79cd1fe3a361c02bb708
SSDEEP

48:6heXLJmTctNPGCvLHmCyYLpHf/UzEVnQBG/RACalGUh2CS7DD:QwmYtPvLGax/wAnQWRRUh2CqD

Score

7^/10

Deletes itself 1 IoCs

Processes:

gffos.exe

pid process

2688 gffos.exe
Executes dropped EXE 1 IoCs

Processes:

gffos.exe

pid process

2688 gffos.exe

pid	process
2688	gffos.exe

pid	process
2688	gffos.exe

Loads dropped DLL 2 IoCs

Processes:

a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe

pid	process
2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe
2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe

description	pid	process	target process
PID 2876 wrote to memory of 2688	2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe	gffos.exe
PID 2876 wrote to memory of 2688	2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe	gffos.exe
PID 2876 wrote to memory of 2688	2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe	gffos.exe
PID 2876 wrote to memory of 2688	2876	a4536e60ac49c8b13bc26a46e7cb9749a49f6127be4d9f263704fee32914a9a0.exe	gffos.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\RCH2005[1].htm

Filesize
526B

MD5
b9e0bcc825a855a4cf5a55244337dece

SHA1
3bafbc7f40c4ac5fbf4e0f39fd5a2a0df88e3c49

SHA256
92e695e79282d062c99876a6c09d8d7abb766fd6fbbd09d4adf0edb053d03541

SHA512
ffd1aeb60874ca8f4e72c55c790898964705b6ba4c4b0102777339c9a69886d2816c696623e1bea186bb152195c4ec1066af10c84a95e64b24b09efc148ab00d

Download Submit
\Users\Admin\AppData\Local\Temp\gffos.exe

Filesize
5KB

MD5
f7ab6b0fbe947f2343012bde56f936db

SHA1
2f5885623e8f1e3beb7ea6c1a9f9faab80894918

SHA256
f6c9cf341f3eb5ed45c180fe6db003c9c1d0668286699cbff4c0c80f92e0f564

SHA512
fdea6acb1805281b0b488fdbfe12cceeff4962d8b3757c9fbd881fdf12e6ab0d4716fa78c6796ae75a6d5d0848a826054b3a04bfa6c90a60e8e557c60a0bdbbf

Download Submit