Analysis
max time kernel: 144s
max time network: 149s
platform: windows7_x64
resource: win7-20240508-en
resource tags: arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
submitted: 11-06-2024 01:07
Behavioral task behavioral1
Sample: 01535f848bb62396cb5bf1fc9c12e150.exe
Resource: win7-20240508-en
Behavioral task behavioral2
Sample: 01535f848bb62396cb5bf1fc9c12e150.exe
Resource: win10v2004-20240508-en
General
Target: 01535f848bb62396cb5bf1fc9c12e150.exe
Size: 46KB
MD5: 01535f848bb62396cb5bf1fc9c12e150
SHA1: d88b03f859e560f98e6c38608b67d0bfebfa2adf
SHA256: c40efbf93b7feaf8fa9ceb44f03c0fa1093faca4f050f29937f3ac0d591f457e
SHA512: 09f18313408ce91a9707d56c875d0ca2d9073bbb61c53fb3a5666b84709f32bf2439d736c6c729c8864bf317949bfcc08d00af037d7a33a30d178b29293cb7b6
SSDEEP: 768:r8eRH+MlFh0pXrL4i6sh7iQroCHmmbk26b5:r9l+Gi6sh7iQroCL2
Malware Config
Signatures
Executes dropped EXE (1 IoCs)
pid   Process
2432  bkgrnd.exe
Loads dropped DLL (1 IoCs)
pid   Process
1596  01535f848bb62396cb5bf1fc9c12e150.exe
resource                                                                     yara_rule
behavioral1/memory/1596-0-0x0000000000400000-0x000000000040F000-memory.dmp   upx
behavioral1/files/0x000c00000001227e-5.dat                                   upx
behavioral1/memory/1596-9-0x0000000000400000-0x000000000040F000-memory.dmp   upx
behavioral1/memory/2432-13-0x0000000000400000-0x000000000040F000-memory.dmp  upx
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (4 IoCs)
description                        pid   Process                               procid_target
PID 1596 wrote to memory of 2432   1596  01535f848bb62396cb5bf1fc9c12e150.exe  28
PID 1596 wrote to memory of 2432   1596  01535f848bb62396cb5bf1fc9c12e150.exe  28
PID 1596 wrote to memory of 2432   1596  01535f848bb62396cb5bf1fc9c12e150.exe  28
PID 1596 wrote to memory of 2432   1596  01535f848bb62396cb5bf1fc9c12e150.exe  28
Processes
C:\Users\Admin\AppData\Local\Temp\01535f848bb62396cb5bf1fc9c12e150.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\01535f848bb62396cb5bf1fc9c12e150.exe"
  PID: 1596
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\bkgrnd.exe"
    PID: 2432
    - Executes dropped EXE
Network
Remote address  Request              Type
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      gwentcarsales.co.uk  IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
8.8.8.8:53      lanoguard.co.uk      IN A
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
305 B, 5 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
305 B, 5 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
305 B, 5 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
305 B, 5 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
325 B, 5 requests
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
  DNS Request  gwentcarsales.co.uk
305 B, 5 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
244 B, 4 requests
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
  DNS Request  lanoguard.co.uk
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 46KB
MD5: 2156d0806f102f96720e424551a02d73
SHA1: ad540454b155e0f954a54ee488fbc882c4c2e41e
SHA256: 18cbe68e1061e75250bc474708d4801374229996a98c44df14cafd0a151078b9
SHA512: 2389721e4b45d68062fc93ebbeef37f0677cc9c9e6257eda48a4b442f8810bd12584d2cef88225d36356523233342f22b5f0a73a6fa0aa2a197b28ff554af306