88cad3952c02dc2a6857ba73205d440d1326c051e7075bfb69a3429cb1f0a061

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/05/2024, 02:30 UTC

Target

bin/download/MiniTPFw.exe
Size

58KB
MD5

58bb62e88687791ad2ea5d8d6e3fe18b
SHA1

0ffb029064741d10c9cf3f629202aa97167883de
SHA256

f02fa7ddab2593492b9b68e3f485e59eb755380a9235f6269705f6d219dff100
SHA512

cd36b28f87be9cf718f0c44bf7c500d53186edc08889bcfa5222041ff31c5cbee509b186004480efbd99c36b2233182ae0969447f4051510e1771a73ed209da5
SSDEEP

768:BSODywYihzSrVPdQsNruuGYOLO3NNkFlBi1jSZIfjeGdJARt03juFGu:BSKywYDdQsQuG5L27Ui1SPRt0qf

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 2988	2872	MiniTPFw.exe	29
PID 2872 wrote to memory of 2988	2872	MiniTPFw.exe	29
PID 2872 wrote to memory of 2988	2872	MiniTPFw.exe	29
PID 2872 wrote to memory of 2988	2872	MiniTPFw.exe	29

C:\Users\Admin\AppData\Local\Temp\bin\download\MiniTPFw.exe
"C:\Users\Admin\AppData\Local\Temp\bin\download\MiniTPFw.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Users\Admin\AppData\Local\Temp\bin\download\ThunderFW.exe
  "C:\Users\Admin\AppData\Local\Temp\bin\download\ThunderFW.exe" MiniThunderPlatform2024-05-2902:31:04 "C:\Users\Admin\AppData\Local\Temp\bin\download\MiniThunderPlatform.exe"
  2⤵
  PID:2988

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact