Analysis
-
max time kernel
150s -
max time network
121s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
29-05-2024 14:43
General
-
Target
DATA DPR.exe
-
Size
920KB
-
MD5
a94f55d81f838e77fa3e5187c72e0f95
-
SHA1
72ab38cf2aa50c7358a0faa6d077b91d0898d20d
-
SHA256
f5e56a262514ad5036a1fbe91e3c9ebedf0d874e2d95a91cb7e9693f60d8d33e
-
SHA512
081f71a423a063fc566eba681a47c57bc2248fbcd20b451f6c9ac781c9d5061f89556a878b9559a1d0aa153d8b55610ab27b80ecbadc880eeb3b607d88fb1e8f
-
SSDEEP
24576:AMHDEzlk8VnuAibycLXe3tJACKnHMpxh:AUDEC8puAkW3tJAjnHO
Score
4/10
Malware Config
Signatures
-
Drops file in Windows directory 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 15 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\DATA DPR.exe"C:\Users\Admin\AppData\Local\Temp\DATA DPR.exe"1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c start C:\Windows\GameBarPresenceWriter\uefidriver.exe >nul2⤵
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\DATA DPR.exe" MD5 | find /i /v "md5" | find /i /v "certutil"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\certutil.execertutil -hashfile "C:\Users\Admin\AppData\Local\Temp\DATA DPR.exe" MD53⤵
-
C:\Windows\system32\find.exefind /i /v "md5"3⤵
-
C:\Windows\system32\find.exefind /i /v "certutil"3⤵