fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753

Analysis

max time kernel
120s
max time network
125s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
28/05/2024, 03:52

Target

fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe
Size

345KB
MD5

71e3c7b5ecfdcbf7038d77f9652338f9
SHA1

421cf175596f3f7e5280f3f32353d5bb791dc9bd
SHA256

fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753
SHA512

5ddd11de80463296cd80db331fff7f5b1d3ba738c99841699c89787ec1003528cf2114dda8968b251bd2adb0c043eea71ec956e19e5839bd26861b69095a767d
SSDEEP

6144:QiubWrNSOetO6cprlQAOWizGLIoSd1oUZrHr:3ubsNSOetfARQAPyGUbHrL

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 2456	1688	fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe	28
PID 1688 wrote to memory of 2456	1688	fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe	28
PID 1688 wrote to memory of 2456	1688	fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe	28
PID 1688 wrote to memory of 2456	1688	fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe	28

C:\Users\Admin\AppData\Local\Temp\fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe
"C:\Users\Admin\AppData\Local\Temp\fe10bbbdc690f616fb0f4ca919aa3f83af2143df033f86efd0476fd4783f8753.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg.vbs"
  2⤵
  PID:2456

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\RarSFX0\msg.vbs

Filesize
95B

MD5
4aa032cfceb532143c5a553672b261db

SHA1
e62df84c3be4bc267194bbfcc92c4a06ce127df7

SHA256
19bed34ab6b7db38da35a55fcb86db87479721cca06a512124ee7bcc792b1207

SHA512
57eed00fc37277db1cccff20128c559e8895f42a6a02446d357a64947faf40213b0fdbb5cfdfaeeac49fb84b33bc06bc527a121a00f5025c03ce2bfad8046acb

Download Submit