Analysis
max time kernel
144s
max time network
143s
platform
windows7_x64
resource
win7-20240221-en
resource tags
arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
submitted
12/06/2024, 15:36
Static task
static1
Behavioral task
behavioral1
Sample
bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
Resource
win10v2004-20240611-en
General
Target
bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
Size
833KB
MD5
817448187726fbe0f2eaeb7c0679827c
SHA1
5231b7576dfb51662998c326d35bbc1d868885b4
SHA256
bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277
SHA512
3075f9830d99e6a218f23a1b78f6813fc20c7dc33bf0d10bc989b1d7757eacefa6aa6b563426774e3f14f8eca612739781dae7a6053e95a58d0440ad8aee5e8f
SSDEEP
12288:qbqkXJvhJW0x1DBwSaPJzjPtI1R9SIeTyv6MxJ/Y:IJ5Jd1tPiJNeSZ4vn
Malware Config
Signatures

Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (28 IoCs)
Each parent-to-child write below is recorded four times in the report (7 distinct pairs, 28 entries in total).
description | pid | Process | procid_target
PID 2212 wrote to memory of 640 | 2212 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 28
PID 640 wrote to memory of 1800 | 640 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 29
PID 1800 wrote to memory of 2568 | 1800 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 32
PID 2568 wrote to memory of 1224 | 2568 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 33
PID 1224 wrote to memory of 1660 | 1224 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 34
PID 1660 wrote to memory of 2820 | 1660 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 35
PID 2820 wrote to memory of 3020 | 2820 | bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe | 36
Processes
1. PID 2212  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
  2. PID 640  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
    3. PID 1800  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
      4. PID 2568  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
        5. PID 1224  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
          6. PID 1660  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
            7. PID 2820  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"  [Suspicious use of WriteProcessMemory]
              8. PID 3020  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
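The WriteProcessMemory signature and the process tree above describe one behaviour from two angles: the sample launches a second copy of itself from the same path, writes into that child, and the child repeats the step, eight processes deep. A few writes into a freshly created child are what CreateProcess itself performs to hand the child its startup parameters, so a parent writing into its own child is not by itself evidence of injection; the signal in this report is the depth of the self-replication chain. The Python below is an added example, not code from the report or from the sandbox that produced it. It parses event lines in the report's flat format, collapses the four-fold duplicates, keeps only writes whose target runs the writer's own image, and returns the longest such chain. The PID-to-image map is taken from the Processes tree (the leaf PID 3020 never writes anywhere, so the events alone never reveal its image). The explorer.exe/notepad.exe event and PIDs 4000 and 4010 are constructed to show a non-matching write being ignored, and the depth threshold of 3 is an assumption to tune against your own sandbox's baseline.

```python
"""Reconstruct a self-replicating process chain from sandbox
'wrote to memory of' events (added example; not part of the report)."""
import re
from collections import defaultdict

# One event per line, in the flat format the report uses:
#   "PID <src> wrote to memory of <dst> <src> <image of src> <sandbox process index>"
EVENT_RE = re.compile(
    r"PID (?P<src>\d+) wrote to memory of (?P<dst>\d+) (?P=src) "
    r"(?P<image>\S+) (?P<procid>\d+)"
)

SAMPLE_IMAGE = "bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"

# Constructed input: the distinct parent->child writes from the report's
# signature block (the report logs each one four times; one duplicate is kept
# here to exercise de-duplication) plus one made-up explorer.exe event.
SAMPLE_EVENTS = "\n".join(
    [f"PID {s} wrote to memory of {d} {s} {SAMPLE_IMAGE} {i}"
     for s, d, i in [(2212, 640, 28), (2212, 640, 28), (640, 1800, 29),
                     (1800, 2568, 32), (2568, 1224, 33), (1224, 1660, 34),
                     (1660, 2820, 35), (2820, 3020, 36)]]
    + ["PID 4000 wrote to memory of 4010 4000 explorer.exe 40"]  # constructed
)

# PID -> image, as the report's Processes tree lists it. PIDs 4000/4010 and
# their images are made up for the benign case.
SAMPLE_IMAGES = {p: SAMPLE_IMAGE for p in (2212, 640, 1800, 2568, 1224, 1660, 2820, 3020)}
SAMPLE_IMAGES.update({4000: "explorer.exe", 4010: "notepad.exe"})


def parse_events(text):
    """Collapse repeated events into {(src, dst, writer_image): write_count}."""
    counts = defaultdict(int)
    for line in text.splitlines():
        m = EVENT_RE.search(line)
        if m:
            counts[(int(m["src"]), int(m["dst"]), m["image"])] += 1
    return dict(counts)


def self_injection_edges(counts, images):
    """Keep only writes whose target runs the same image as the writer."""
    return {(s, d): n for (s, d, img), n in counts.items() if images.get(d) == img}


def longest_chain(edges):
    """Longest parent->child path through the self-injection edges, as a PID list."""
    children = defaultdict(list)
    for s, d in edges:
        children[s].append(d)
    targets = {d for _, d in edges}
    roots = [s for s in children if s not in targets]

    def walk(pid, seen=()):
        best = [pid]
        for c in children.get(pid, []):
            if c in seen:          # PID reuse could otherwise loop forever
                continue
            path = [pid] + walk(c, seen + (pid,))
            if len(path) > len(best):
                best = path
        return best

    chains = [walk(r) for r in roots]
    return max(chains, key=len) if chains else []


def assess(text, images, min_depth=3):
    """Return a small verdict dict a detection rule could act on."""
    counts = parse_events(text)
    edges = self_injection_edges(counts, images)
    chain = longest_chain(edges)
    return {
        "distinct_writes": len(counts),
        "chain": chain,
        "depth": len(chain),
        "suspicious": len(chain) >= min_depth,   # threshold is an assumption
        # A handful of writes per child is normal CreateProcess start-up
        # activity, so the chain depth, not this count, carries the signal.
        "writes_per_link": {f"{s}->{d}": n for (s, d), n in edges.items()},
    }


if __name__ == "__main__":
    verdict = assess(SAMPLE_EVENTS, SAMPLE_IMAGES)
    print(f"depth={verdict['depth']} suspicious={verdict['suspicious']}")
    print(" -> ".join(map(str, verdict["chain"])))
```

Run as a script it prints the eight-PID chain from PID 2212 down to PID 3020 and ignores the constructed explorer.exe write because its target runs a different image. Feeding it a whole sandbox run's events, with the PID-to-image map built from the process list, turns the report's "28 IoCs" into one actionable fact: how many generations of itself the sample spawned.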
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize
70KB
MD5
49aebf8cbd62d92ac215b2923fb1b9f5
SHA1
1723be06719828dda65ad804298d0431f6aff976
SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
4466fae6aefd31e9c3cb7a6c6c1807de
SHA1
9b0d2f76990eb490d65beca3a3ab7a60d33b39e5
SHA256
c62731aebee347e7670bc8bf7754f3e2836a91dda421ed972dc1206f3143ea79
SHA512
940c213b5ce35e5494f415854ae6d03f6e561adbc0866b6403a590e61fc2197cbc6cd3eba6ac7a3b30a06e4cc7e42ffb3760243863a715b1dec0c290b6ca3353

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
495bfc5c9ea745d1be8c373072903c69
SHA1
827403d93e42cc6b32b404ff4c7a9637c5214e1e
SHA256
67861f86a303bdc6bf37d2127af5937022fb4140f50f8a55ff79e85aa3aa3e0b
SHA512
7d86a36d89c9dd6100faad7ec460532800cbf6cf0af41d57965feb06f492ddd6cd7d6f21f8cc55f25cd901f3aba645a07ea70d437bb10f62d29b17bb1e9bf55b

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
121bb3ce6394b2002bfe4d2d6da87089
SHA1
5d02ad2968b3acae5c5b5d2cd259d4fc1be44bb8
SHA256
796dfa0bd7d90cd34fb2bc6753e7b4b7d78ca6232d653ab062413a575bd658bf
SHA512
75a3d93990fa78d1278eed1c71d4df1acd85eee36e9d5c7eabeaf41cd9ab76257d7e0f80df4cc595abccd4c616ccd7e2daeb778eb92c3303e9020cb58bce5e3f

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
adfe314dfd588d195b96e39b4a25dcd3
SHA1
5ca9a98e244cf4cc94b28ce3506e44828035cc70
SHA256
79b732680ced0399190e67698162ca8a9d783a7f787bc77421506ccd13e82d65
SHA512
746c97e7f8f22e7ee1479f4bb8a9b33e4cef96b28e43e4d3c6103f8066f8b5e9860dbe61ece638478a0eefe3d2e588e65057fec83b3fcaf54e5142d1704c7f3e

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
6737d07be8cf7ebeea4599944c2c6796
SHA1
2af209e61c22e55e9ac297982a08472995c92b23
SHA256
f1b077eb58a3d15d924c9b5814e7e047e2fcc380587014f7693b8965ecb3ce6e
SHA512
6b53779b4d343e0b279dc6402f1832ebea4465d41106a65431bb9da687948693aebca017bbf89598e65b875d7ed1573d97c2cb23a5538ee3cfbb457a47de4e4d

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
eccb8f71d531cef3146d5cf38b46c62d
SHA1
6312755fb60a2484b346801a09300679a828e7cc
SHA256
f8f36f8fd3ebf10f646d83db96df58b386113f42d628a68a5b7fcd1a606380f7
SHA512
357bd851479b2a8cf564d512ed6cf5d4f22b15ebad2474cc2b37a6a4797003ca5cd116a7117f9646896a664a99bd0ab118ed721b9d1f0c4848caf5e9e4e46feb

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B
MD5
958f8723fa292e58d43bef94468a2451
SHA1
95f1707e0085583671b7fab2339b657dd32f3e99
SHA256
31106859beefc4e07716f841981033bc4c14eddf425e8ca621ed8079c8d7cd7a
SHA512
093c5c2380cfd92fcf385b32d3f8e1b019fade5bdfb11fef16695763ea32756f5f0868b48b1e9d34c95e428841c8c0e7acde95f033e262fc10359ab664516508

Filesize
246KB
MD5
021a2d9d204d0e41731bc39ca10f4dfa
SHA1
2fa1f7d6dd81d981c7e075b8a13f56885388469b
SHA256
7bc8dc5a333c25c7b56c66f5a84a5876e458eafde24b166f2eaeecf0ada0e0e6
SHA512
ec32817f0dcc34ed9224c3fbcb6389809ff8f38ba23328af4ee53e512ee1ba02bb7d6ccc7c093cbd00d7d5690091a45a454285335e3e7622e9cd09134a9abc31

Filesize
425B
MD5
cc8e2692a806a8e89c04251c634067de
SHA1
c5c7ab545b6f05ba704548b3a7e5f459df5e4459
SHA256
7f0e36f5e6e7c11f4dab7abdc6ef27886b1949002a4662cc5e0d0f8c2b36bc0f
SHA512
98cd546a5278033acb153eeb2fa5d5ad619d919c59d26587b316cd18e87fa1fe8ff4eb92b13dd0cdb55a012491533a9ab9f2329579f8effec88e1840ac645f32

Filesize
181KB
MD5
4ea6026cf93ec6338144661bf1202cd1
SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7
SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8
SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b