4fd5453390d3915c066b008dfa65ffb47d3922c124b4d5c098324f95f8a934fa

Analysis

max time kernel
121s
max time network
127s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
30-05-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

incognito/thegreatestexploit.exe
Size

17.9MB
MD5

985a7c5f0ee35a1984ed8b0c18847643
SHA1

2bf0487f62ef4a521d3d51b01a4b8b2625de2a91
SHA256

15aa7b28eb003b5bfea6679de772a34e59372f2155a87ba8f05ce8c4118e2e3e
SHA512

9230cf00c8145e199586e478e7db307e75d729b98af24ec1b73e4893348380bd81affe436bee7aea8dc2e1b22d0b7e49af98428756a5832df22f5411e6e7a7d8
SSDEEP

393216:qtabzFXC2ZKqm6GhXcrRwBsoM8km9XWkdQctnGHS4sak:5blKqm6GmSBs12Gkd/tG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	incognito.exe

Loads dropped DLL 2 IoCs

pid	Process
1200	thegreatestexploit.exe
2648	incognito.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1200 wrote to memory of 2648	1200	thegreatestexploit.exe	29
PID 1200 wrote to memory of 2648	1200	thegreatestexploit.exe	29
PID 1200 wrote to memory of 2648	1200	thegreatestexploit.exe	29

C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe
"C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1200
- C:\Users\Admin\AppData\Local\Temp\onefile_1200_133615731076168000\incognito.exe
  "C:\Users\Admin\AppData\Local\Temp\incognito\thegreatestexploit.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2648

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:1672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1200_133615731076168000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1200_133615731076168000\incognito.exe

Filesize
30.3MB

MD5
e988f89594fc2de75f8ad3e3297ae613

SHA1
421d4df07aeaa5ff86452cf07b26f418ac8c380f

SHA256
82e9b402d43b98c46188968af43976d0363613563322f0cf442c06bf4198e852

SHA512
f44f12415de9e6c9bd248aebd498ec5e6d53949dcdfe5b7b52e463050f607c78b152145d78b19c439f75ccc48a6e2576b53b33e44856765331c7fd4244530dd6

Download Submit