83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90

Analysis

max time kernel
145s
max time network
149s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe
Size

76KB
MD5

4c8984e6ebec2a34f95ed45d12c44ad4
SHA1

185deb099f20ef0bcb126d70d3f2f29ab91b2925
SHA256

83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90
SHA512

266146864251c01152972f3f650b0bb224b0d14b888569b1da29653a35e4a6ff8a92117f240b5cb39c7b22f47eda654b56e68b98dae2135ddc9f1b210436cc0c
SSDEEP

768:K9X2bnEpieDA62eIHwhzMnUJ30XbLt3EDEAndeVFioaOUwJByzIRg2vjJPlyRtqJ:IXaEoMA62ZYYUN0rxKOFTaOUzI5dyRtQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2228	mtvhits.exe

Loads dropped DLL 1 IoCs

pid	Process
2696	83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2228	2696	83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe	28
PID 2696 wrote to memory of 2228	2696	83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe	28
PID 2696 wrote to memory of 2228	2696	83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe	28
PID 2696 wrote to memory of 2228	2696	83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe	28

C:\Users\Admin\AppData\Local\Temp\83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe
"C:\Users\Admin\AppData\Local\Temp\83dab155cc2e9491f7286082fccca4da94e42edb959dfa6ce414e4d5e0ba9c90.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\mtvhits.exe
  "C:\Users\Admin\AppData\Local\Temp\mtvhits.exe"
  2⤵
  - Executes dropped EXE
  PID:2228

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mtvhits.exe

Filesize
76KB

MD5
d8aa1f519ea853a97f3cf309c121aee2

SHA1
ed3125739a9db655159f4c966c0128a0d223bf67

SHA256
3a3216318a0812e346e707eeccd4f5848ae293b8726560c1f4582564aac4a39f

SHA512
ea45d57b8d5c4c7af669b13d293cad20bf4245d817fb073f2c3144582c63792decad03d4f970a06a4d283527c52bf653ef1dd173210dba25d8936ff1f7e1b560

Download Submit
memory/2228-12-0x0000000004000000-0x0000000004005000-memory.dmp

Filesize
20KB

Download
memory/2696-3-0x0000000004000000-0x0000000004005000-memory.dmp

Filesize
20KB

Download
memory/2696-1-0x0000000004000000-0x0000000004005000-memory.dmp

Filesize
20KB

Download
memory/2696-0-0x0000000004000000-0x0000000004005000-memory.dmp

Filesize
20KB

Download