Analysis
-
max time kernel: 121s
max time network: 122s
platform: windows7_x64
resource: win7-20240419-en
resource tags: arch:x64, arch:x86, image:win7-20240419-en, locale:en-us, os:windows7-x64, system
submitted: 26-05-2024 07:50
Static task: static1
Behavioral task: behavioral1
Sample: efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe
Resource: win7-20240419-en
General
-
Target: efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe
Size: 120KB
MD5: 4e1e436848d533c9a00b762ac148786d
SHA1: 42962a264fbdbc96eb8267052298be9143ecd8bf
SHA256: efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd
SHA512: 59d16efac5f0ea7c62d18ef30032eba907b8d6c097463a8244f3d709c85b90ec12387c94a4d8a35dfb59d0cbd2dc02d0b39a1f6bd12c5ccd050d552070fdf30d
SSDEEP: 3072:EV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPxJ:pt5hBPi0BW69hd1MMdxPe9N9uA069TBz
Malware Config
Signatures
-
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory (3 IoCs)
Processes:
description | pid | process | target process
PID 2236 wrote to memory of 2108 | 2236 | efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe | cmd.exe
PID 2236 wrote to memory of 2108 | 2236 | efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe | cmd.exe
PID 2236 wrote to memory of 2108 | 2236 | efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe | cmd.exe
Processes
-
1. C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe"
   Signatures: Suspicious use of WriteProcessMemory
   PID: 2236
   2. C:\Windows\system32\cmd.exe
      Command line: "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6B5.tmp\6B6.tmp\6B7.bat C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe"
      PID: 2108
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize: 230B
MD5: abdb6860d790577e02cca5005866bbe8
SHA1: 6c87a9e8b0b29ffe358c079a54f06dd9ef5cfb37
SHA256: ee13e97e15c3a2f432a7bfd3af278aa38ff88baa7652ea0bfb2e5d9bf5adb8f0
SHA512: 1bbcf1d4540019aa392234e91e7629fd9f61240b8d7003df3404536810e639f7019a60bb74c2a08be5f855fd96923d0f8e0cdf7fa3a3d25e1e5829487a959fce