Overview

overview

7

Static

static

3

incognito/...au.dll

windows7-x64

7

incognito/...au.dll

windows10-2004-x64

7

incognito/...it.exe

windows7-x64

7

incognito/...it.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    1563s
  • max time network
    1564s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
  • submitted
    27-05-2024 15:05

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    incognito/thegreatestexploit.exe

  • Size

    17.9MB

  • MD5

    985a7c5f0ee35a1984ed8b0c18847643

  • SHA1

    2bf0487f62ef4a521d3d51b01a4b8b2625de2a91

  • SHA256

    15aa7b28eb003b5bfea6679de772a34e59372f2155a87ba8f05ce8c4118e2e3e

  • SHA512

    9230cf00c8145e199586e478e7db307e75d729b98af24ec1b73e4893348380bd81affe436bee7aea8dc2e1b22d0b7e49af98428756a5832df22f5411e6e7a7d8

  • SSDEEP

    393216:qtabzFXC2ZKqm6GhXcrRwBsoM8km9XWkdQctnGHS4sak:5blKqm6GmSBs12Gkd/tG

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe
    "C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1672
    • C:\Users\Admin\AppData\Local\Temp\onefile_1672_133612964235410000\incognito.exe
      "C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:2628

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\onefile_1672_133612964235410000\python311.dll
    Filesize

    5.5MB

    MD5

    9a24c8c35e4ac4b1597124c1dcbebe0f

    SHA1

    f59782a4923a30118b97e01a7f8db69b92d8382a

    SHA256

    a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

    SHA512

    9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

    Download Submit

  • \Users\Admin\AppData\Local\Temp\onefile_1672_133612964235410000\incognito.exe
    Filesize

    30.3MB

    MD5

    e988f89594fc2de75f8ad3e3297ae613

    SHA1

    421d4df07aeaa5ff86452cf07b26f418ac8c380f

    SHA256

    82e9b402d43b98c46188968af43976d0363613563322f0cf442c06bf4198e852

    SHA512

    f44f12415de9e6c9bd248aebd498ec5e6d53949dcdfe5b7b52e463050f607c78b152145d78b19c439f75ccc48a6e2576b53b33e44856765331c7fd4244530dd6

    Download Submit