33495950570e4cc1430d028a03b23a195f831c33a9ca452884e9328e29ae5449

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/06/2024, 10:58

Target

output.exe
Size

3.4MB
MD5

d595183a63c7ee731bb94281cb6ab811
SHA1

7485071a41c430effd8fa3882c39150d105b8194
SHA256

33495950570e4cc1430d028a03b23a195f831c33a9ca452884e9328e29ae5449
SHA512

c8a63d6bbe35181bcad95ca1027dc736ee397f4894f95284138a8a5d389262a200172c23f48844ecba432e5e52627135c4bec08bd76932478aac302373ea7081
SSDEEP

3072:Ip9g+u38plam6rkn3IQkpLyw74bMPntr+w:Ip9tuolakn4QW2wcbM9

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2732 wrote to memory of 2928	2732	output.exe	29
PID 2732 wrote to memory of 2928	2732	output.exe	29
PID 2732 wrote to memory of 2928	2732	output.exe	29

C:\Users\Admin\AppData\Local\Temp\output.exe
"C:\Users\Admin\AppData\Local\Temp\output.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2732
- C:\Windows\system32\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\7HWu6u3v.bat" "
  2⤵
  PID:2928

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\7HWu6u3v.bat

Filesize
5.1MB

MD5
db54e47922f242fe569f467b3b0e723a

SHA1
adaa66105a09bb0d22a911f0837e854c6487ee10

SHA256
34dfc7334ab60aa7e2479716cf540720cbddba16a0237797f7291dd50d0b5902

SHA512
77b07d25b27dde236959ce64ef971734ddbcbbfb99474372042843501df412b98f76e2d9fc489e720118cdcb0bb8f994e8d5c06c8b6c752ae061cf94188084d9

Download Submit
memory/2732-0-0x000007FEF5543000-0x000007FEF5544000-memory.dmp

Filesize
4KB

Download
memory/2732-1-0x0000000000270000-0x00000000005D8000-memory.dmp

Filesize
3.4MB

Download