Analysis

  • max time kernel
    121s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20240419-en
  • resource tags

    arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
  • submitted
    26-05-2024 07:50

General

  • Target

    efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe

  • Size

    120KB

  • MD5

    4e1e436848d533c9a00b762ac148786d

  • SHA1

    42962a264fbdbc96eb8267052298be9143ecd8bf

  • SHA256

    efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd

  • SHA512

    59d16efac5f0ea7c62d18ef30032eba907b8d6c097463a8244f3d709c85b90ec12387c94a4d8a35dfb59d0cbd2dc02d0b39a1f6bd12c5ccd050d552070fdf30d

  • SSDEEP

    3072:EV3J6kkt5h1X+HqTi0BW69hd1MMdxPe9N9uA0/+hL9TBfnPxJ:pt5hBPi0BW69hd1MMdxPe9N9uA069TBz

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe
    "C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2236
    • C:\Windows\system32\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\6B5.tmp\6B6.tmp\6B7.bat C:\Users\Admin\AppData\Local\Temp\efcd31afd704c03d8a487a06c795bba7ea0a1cde0866d8fcfd40f4c3ce197bbd.exe"
      2⤵
        PID:2108

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\6B5.tmp\6B6.tmp\6B7.bat

      Filesize

      230B

      MD5

      abdb6860d790577e02cca5005866bbe8

      SHA1

      6c87a9e8b0b29ffe358c079a54f06dd9ef5cfb37

      SHA256

      ee13e97e15c3a2f432a7bfd3af278aa38ff88baa7652ea0bfb2e5d9bf5adb8f0

      SHA512

      1bbcf1d4540019aa392234e91e7629fd9f61240b8d7003df3404536810e639f7019a60bb74c2a08be5f855fd96923d0f8e0cdf7fa3a3d25e1e5829487a959fce