Analysis
- max time kernel: 121s
- max time network: 128s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 02/06/2024, 22:29
Static task: static1
Behavioral task: behavioral1
- Sample: fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe
- Resource: win7-20240221-en
Behavioral task: behavioral2
- Sample: fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe
- Resource: win10v2004-20240508-en
General
- Target: fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe
- Size: 1.9MB
- MD5: 76e25df71338301932c5b8aade8d479a
- SHA1: fbf138d299e0f7c2599cfbce8d77054357750d92
- SHA256: fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5
- SHA512: cfaae97d691e68db5dd811af25e0221d50e7f9a6bb3647792ba9ee5733169bf8b58c4f0d34a5b557c259e6d72c850bb5cc1e6a53d1b1d4e7eb0ff0c7bcb4db04
- SSDEEP: 24576:f/ndghONSC29PdD9DecME/Ccf2gpgGVB/actsMNqkPW2E1Y0:fmhOP2pXD1+gp1rswE1Y0
Malware Config
Signatures
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (8 IoCs)
  description                        pid   Process                                                                   procid_target
  PID 2228 wrote to memory of 1608   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  30
  PID 2228 wrote to memory of 1608   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  30
  PID 2228 wrote to memory of 1608   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  30
  PID 2228 wrote to memory of 1608   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  30
  PID 2228 wrote to memory of 1276   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  32
  PID 2228 wrote to memory of 1276   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  32
  PID 2228 wrote to memory of 1276   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  32
  PID 2228 wrote to memory of 1276   2228  fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe  32

  The eight rows are two distinct writer/target pairs, each reported four times. The procid_target column (30, 32) is the report's own index for the target process and is not a Windows PID; the Windows PIDs written to are 1608 and 1276, which are the two cmd.exe children that 2228 spawns in the process tree below. A parent writing into the memory of processes it has just created is what this signature records here; it shows no write into a process outside the sample's own tree, so it should be read together with what the children execute rather than as evidence of injection into an unrelated process.
Processes
- C:\Users\Admin\AppData\Local\Temp\fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe"
  PID: 2228
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\~RomDmp1\RomDump.com > C:\Users\Admin\AppData\Local\Temp\~RomDmp1\Rom.dmp
    PID: 1608
  - C:\Windows\SysWOW64\cmd.exe
    Command line: C:\Windows\system32\cmd.exe /C C:\Users\Admin\AppData\Local\Temp\~RomDmp1\RomDump.com > C:\Users\Admin\AppData\Local\Temp\~RomDmp1\Rom.dmp
    PID: 1276

Both children are launched with a command line naming C:\Windows\system32\cmd.exe but run from the C:\Windows\SysWOW64\cmd.exe image: the parent is a 32-bit process on a 64-bit Windows install, so WOW64 file-system redirection maps system32 to SysWOW64. Each child runs RomDump.com out of the sample's ~RomDmp1 temp directory and redirects its standard output into Rom.dmp in the same directory; the report shows the same command issued twice (PIDs 1608 and 1276).
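The WriteProcessMemory rows above and the process tree are more useful read together than separately. The following is an added example written for this page, not code from the sandbox or from whoever built the sample: it parses the flattened IoC rows in the format they appear in here, collapses the repeats, checks each writer/target pair against the parent/child relationships in the process tree, and flags the two cmd.exe children by the pattern they show (a /C command under %TEMP% with redirected output, and a system32 command line served from SysWOW64). The PIDs, paths and command lines are copied from the report; the row regex and the classification labels are this example's own.

```python
"""Correlate the report's WriteProcessMemory IoC rows with its process tree.

Added example for this page, not sandbox or sample code. The IoC rows, PIDs,
image paths and command lines are copied from the report above; the parser
accepts the flattened "PID <writer> wrote to memory of <target> <pid> <image>
<procid_target>" row layout exactly as it appears on this page.
"""
import re
from collections import Counter

SAMPLE = "fdb4e10d1f83e739b67a66405db7a7faecbe0732084ff142b32ddda11384f5a5.exe"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"

# Eight IoC rows from the "Suspicious use of WriteProcessMemory" signature.
IOC_ROWS = (
    [f"PID 2228 wrote to memory of 1608 2228 {SAMPLE} 30"] * 4
    + [f"PID 2228 wrote to memory of 1276 2228 {SAMPLE} 32"] * 4
)

ROMDUMP_CMD = (r"C:\Windows\system32\cmd.exe /C " + TEMP + r"\~RomDmp1\RomDump.com > "
               + TEMP + r"\~RomDmp1\Rom.dmp")

# Process tree from the "Processes" section: pid, parent pid, image path, command line.
PROCESSES = [
    {"pid": 2228, "ppid": None, "image": TEMP + "\\" + SAMPLE,
     "cmdline": '"' + TEMP + "\\" + SAMPLE + '"'},
    {"pid": 1608, "ppid": 2228, "image": r"C:\Windows\SysWOW64\cmd.exe", "cmdline": ROMDUMP_CMD},
    {"pid": 1276, "ppid": 2228, "image": r"C:\Windows\SysWOW64\cmd.exe", "cmdline": ROMDUMP_CMD},
]

IOC_RE = re.compile(r"^PID (\d+) wrote to memory of (\d+) (\d+) (\S+) (\d+)$")


def parse_ioc_rows(rows):
    """Turn flattened IoC rows into dicts. procid_target is the report's own
    process index, not a Windows PID, so it is kept as a separate field."""
    events = []
    for row in rows:
        m = IOC_RE.match(row.strip())
        if not m:
            raise ValueError(f"unrecognised IoC row: {row!r}")
        writer, target, pid, image, procid_target = m.groups()
        if writer != pid:
            raise ValueError(f"writer PID and pid column disagree: {row!r}")
        events.append({"writer": int(writer), "target": int(target),
                       "image": image, "procid_target": int(procid_target)})
    return events


def count_writes(events):
    """Collapse repeated rows into (writer, target) -> number of rows."""
    return Counter((e["writer"], e["target"]) for e in events)


def classify_writes(events, processes):
    """Label each writer->target pair by its relationship in the process tree.
    A parent writing into a child it just spawned is what process creation
    looks like in this kind of report; a write into an unrelated process is
    the injection pattern worth escalating."""
    parent_of = {p["pid"]: p["ppid"] for p in processes}
    result = {}
    for (writer, target), n in count_writes(events).items():
        if parent_of.get(target) == writer:
            kind = "own child"
        elif target in parent_of:
            kind = "unrelated process"
        else:
            kind = "process not in tree"
        result[(writer, target)] = {"count": n, "kind": kind}
    return result


def find_redirected_temp_commands(processes):
    """PIDs of cmd.exe processes that run something under a Temp directory via
    /C and redirect its output with '>', the pattern both children show here."""
    hits = []
    for p in processes:
        cmd = p["cmdline"].lower()
        if (p["image"].lower().endswith("\\cmd.exe") and "/c" in cmd
                and ">" in cmd and "\\temp\\" in cmd):
            hits.append(p["pid"])
    return hits


def wow64_redirected(processes):
    """PIDs whose command line names system32 but whose image lives in SysWOW64:
    a 32-bit parent on 64-bit Windows, subject to file-system redirection."""
    return [p["pid"] for p in processes
            if "\\syswow64\\" in p["image"].lower()
            and "\\system32\\" in p["cmdline"].lower()]


if __name__ == "__main__":
    evts = parse_ioc_rows(IOC_ROWS)
    for pair, info in classify_writes(evts, PROCESSES).items():
        print(f"{pair[0]} -> {pair[1]}: {info['count']} rows, {info['kind']}")
    print("redirected Temp commands:", find_redirected_temp_commands(PROCESSES))
    print("WOW64-redirected cmd.exe:", wow64_redirected(PROCESSES))
```

Run as-is it reports both pairs as "own child" with four rows each and lists 1608 and 1276 under both checks. The same functions apply to any report in this layout: a pair classified as "unrelated process" or "process not in tree" is the case to look at first, since the signature name alone does not distinguish it from the routine parent-to-child writes seen here.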