Analysis

  • max time kernel
    144s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    12/06/2024, 15:36

General

  • Target

    bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe

  • Size

    833KB

  • MD5

    817448187726fbe0f2eaeb7c0679827c

  • SHA1

    5231b7576dfb51662998c326d35bbc1d868885b4

  • SHA256

    bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277

  • SHA512

    3075f9830d99e6a218f23a1b78f6813fc20c7dc33bf0d10bc989b1d7757eacefa6aa6b563426774e3f14f8eca612739781dae7a6053e95a58d0440ad8aee5e8f

  • SSDEEP

    12288:qbqkXJvhJW0x1DBwSaPJzjPtI1R9SIeTyv6MxJ/Y:IJ5Jd1tPiJNeSZ4vn

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 28 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
    "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
      "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:640
      • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
        "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1800
        • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
          "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:2568
          • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
            "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:1224
            • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
              "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
              6⤵
              • Suspicious use of WriteProcessMemory
              PID:1660
              • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
                "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
                7⤵
                • Suspicious use of WriteProcessMemory
                PID:2820
                • C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe
                  "C:\Users\Admin\AppData\Local\Temp\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
                  8⤵
                    PID:3020
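The tree above is eight instances of the same image, each parent flagged for WriteProcessMemory and each one launching the next. The following detection turns that shape into an alert from generic process-start telemetry. It is an added example, not part of the report: the PIDs and image path are taken from the tree, while the event schema, the contrast process and the depth threshold are assumptions.

```python
"""Detect recursive self-spawn chains in process-start telemetry.

Added example, not part of the sandbox report. EVENTS is constructed
from the report's process tree (PIDs and image path are the report's;
the (pid, ppid, image) schema is an assumption). Real telemetry should
key on a process GUID rather than a PID, since PIDs are reused.
"""
from collections import defaultdict

SAMPLE_IMAGE = (
    r"C:\Users\Admin\AppData\Local\Temp"
    r"\bd651d20c1c471eae1bf2cc72be3ec39fe79e7a3ba728b2d277ee7dcaac82277.exe"
)

# Constructed process-start events mirroring the report's tree.
# ppid None means the parent was not observed (the sandbox launcher).
EVENTS = [
    {"pid": 2212, "ppid": None, "image": SAMPLE_IMAGE},
    {"pid": 640,  "ppid": 2212, "image": SAMPLE_IMAGE},
    {"pid": 1800, "ppid": 640,  "image": SAMPLE_IMAGE},
    {"pid": 2568, "ppid": 1800, "image": SAMPLE_IMAGE},
    {"pid": 1224, "ppid": 2568, "image": SAMPLE_IMAGE},
    {"pid": 1660, "ppid": 1224, "image": SAMPLE_IMAGE},
    {"pid": 2820, "ppid": 1660, "image": SAMPLE_IMAGE},
    {"pid": 3020, "ppid": 2820, "image": SAMPLE_IMAGE},
    # Unrelated child added for contrast (constructed, not in the report).
    {"pid": 4100, "ppid": 2212, "image": r"C:\Windows\System32\conhost.exe"},
]


def self_spawn_chains(events):
    """Map each chain root PID to the ordered PIDs of every descendant
    that runs the root's own image. A root is a process whose parent is
    unobserved or runs a different image."""
    by_pid = {e["pid"]: e for e in events}
    children = defaultdict(list)
    for e in events:
        children[e["ppid"]].append(e)

    def same_image_descendants(pid, image):
        found, stack = [], [pid]
        while stack:
            for child in children.get(stack.pop(), []):
                if child["image"].lower() == image.lower():
                    found.append(child["pid"])
                    stack.append(child["pid"])
        return found

    chains = {}
    for e in events:
        parent = by_pid.get(e["ppid"])
        if parent is not None and parent["image"].lower() == e["image"].lower():
            continue  # inside a chain, not its root
        descendants = same_image_descendants(e["pid"], e["image"])
        if descendants:
            chains[e["pid"]] = [e["pid"]] + descendants
    return chains


def detect(events, min_depth=3):
    """Return (root_pid, depth, image) for every chain at least min_depth
    deep. min_depth=3 is an assumed starting threshold: one re-exec is
    common for installers and updaters, three or more instances is not."""
    by_pid = {e["pid"]: e for e in events}
    return [
        (root, len(pids), by_pid[root]["image"])
        for root, pids in self_spawn_chains(events).items()
        if len(pids) >= min_depth
    ]


if __name__ == "__main__":
    for root, depth, image in detect(EVENTS):
        print(f"self-spawn chain rooted at PID {root}: depth {depth} ({image})")
```

On the report's events the only chain is the one rooted at PID 2212 with depth 8; the conhost child is ignored because it does not share the image. Pair the chain depth with the WriteProcessMemory signature on each parent when ranking the alert; the chain alone says how the sample behaves, not what it writes into the child.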

Network

MITRE ATT&CK Enterprise v15


Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

      Filesize

      70KB

      MD5

      49aebf8cbd62d92ac215b2923fb1b9f5

      SHA1

      1723be06719828dda65ad804298d0431f6aff976

      SHA256

      b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

      SHA512

      bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      4466fae6aefd31e9c3cb7a6c6c1807de

      SHA1

      9b0d2f76990eb490d65beca3a3ab7a60d33b39e5

      SHA256

      c62731aebee347e7670bc8bf7754f3e2836a91dda421ed972dc1206f3143ea79

      SHA512

      940c213b5ce35e5494f415854ae6d03f6e561adbc0866b6403a590e61fc2197cbc6cd3eba6ac7a3b30a06e4cc7e42ffb3760243863a715b1dec0c290b6ca3353

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      495bfc5c9ea745d1be8c373072903c69

      SHA1

      827403d93e42cc6b32b404ff4c7a9637c5214e1e

      SHA256

      67861f86a303bdc6bf37d2127af5937022fb4140f50f8a55ff79e85aa3aa3e0b

      SHA512

      7d86a36d89c9dd6100faad7ec460532800cbf6cf0af41d57965feb06f492ddd6cd7d6f21f8cc55f25cd901f3aba645a07ea70d437bb10f62d29b17bb1e9bf55b

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      121bb3ce6394b2002bfe4d2d6da87089

      SHA1

      5d02ad2968b3acae5c5b5d2cd259d4fc1be44bb8

      SHA256

      796dfa0bd7d90cd34fb2bc6753e7b4b7d78ca6232d653ab062413a575bd658bf

      SHA512

      75a3d93990fa78d1278eed1c71d4df1acd85eee36e9d5c7eabeaf41cd9ab76257d7e0f80df4cc595abccd4c616ccd7e2daeb778eb92c3303e9020cb58bce5e3f

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      adfe314dfd588d195b96e39b4a25dcd3

      SHA1

      5ca9a98e244cf4cc94b28ce3506e44828035cc70

      SHA256

      79b732680ced0399190e67698162ca8a9d783a7f787bc77421506ccd13e82d65

      SHA512

      746c97e7f8f22e7ee1479f4bb8a9b33e4cef96b28e43e4d3c6103f8066f8b5e9860dbe61ece638478a0eefe3d2e588e65057fec83b3fcaf54e5142d1704c7f3e

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      6737d07be8cf7ebeea4599944c2c6796

      SHA1

      2af209e61c22e55e9ac297982a08472995c92b23

      SHA256

      f1b077eb58a3d15d924c9b5814e7e047e2fcc380587014f7693b8965ecb3ce6e

      SHA512

      6b53779b4d343e0b279dc6402f1832ebea4465d41106a65431bb9da687948693aebca017bbf89598e65b875d7ed1573d97c2cb23a5538ee3cfbb457a47de4e4d

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      eccb8f71d531cef3146d5cf38b46c62d

      SHA1

      6312755fb60a2484b346801a09300679a828e7cc

      SHA256

      f8f36f8fd3ebf10f646d83db96df58b386113f42d628a68a5b7fcd1a606380f7

      SHA512

      357bd851479b2a8cf564d512ed6cf5d4f22b15ebad2474cc2b37a6a4797003ca5cd116a7117f9646896a664a99bd0ab118ed721b9d1f0c4848caf5e9e4e46feb

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

      Filesize

      342B

      MD5

      958f8723fa292e58d43bef94468a2451

      SHA1

      95f1707e0085583671b7fab2339b657dd32f3e99

      SHA256

      31106859beefc4e07716f841981033bc4c14eddf425e8ca621ed8079c8d7cd7a

      SHA512

      093c5c2380cfd92fcf385b32d3f8e1b019fade5bdfb11fef16695763ea32756f5f0868b48b1e9d34c95e428841c8c0e7acde95f033e262fc10359ab664516508

    • C:\Users\Admin\AppData\Local\Temp\SVL7CFF.tmp

      Filesize

      246KB

      MD5

      021a2d9d204d0e41731bc39ca10f4dfa

      SHA1

      2fa1f7d6dd81d981c7e075b8a13f56885388469b

      SHA256

      7bc8dc5a333c25c7b56c66f5a84a5876e458eafde24b166f2eaeecf0ada0e0e6

      SHA512

      ec32817f0dcc34ed9224c3fbcb6389809ff8f38ba23328af4ee53e512ee1ba02bb7d6ccc7c093cbd00d7d5690091a45a454285335e3e7622e9cd09134a9abc31

    • C:\Users\Admin\AppData\Local\Temp\SVLBA3B.tmp

      Filesize

      425B

      MD5

      cc8e2692a806a8e89c04251c634067de

      SHA1

      c5c7ab545b6f05ba704548b3a7e5f459df5e4459

      SHA256

      7f0e36f5e6e7c11f4dab7abdc6ef27886b1949002a4662cc5e0d0f8c2b36bc0f

      SHA512

      98cd546a5278033acb153eeb2fa5d5ad619d919c59d26587b316cd18e87fa1fe8ff4eb92b13dd0cdb55a012491533a9ab9f2329579f8effec88e1840ac645f32

    • C:\Users\Admin\AppData\Local\Temp\Tar2728.tmp

      Filesize

      181KB

      MD5

      4ea6026cf93ec6338144661bf1202cd1

      SHA1

      a1dec9044f750ad887935a01430bf49322fbdcb7

      SHA256

      8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

      SHA512

      6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b
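Eight of the eleven entries above are the same CryptnetUrlCache path written repeatedly with a different hash each time. That directory is Windows CryptoAPI's cache of certificate and revocation data fetched over the network, so those writes point to network-backed chain building from the sample's process rather than to a payload it dropped; the three files in Temp are the ones worth pulling for static analysis. The script below groups the list that way. It is an added example, not the sandbox's own code: the records are transcribed from the Downloads section (path, reported size, SHA256) and the classification rules are starting-point assumptions.

```python
"""Triage a sandbox dropped-file list: group by path, count rewrites,
and separate CryptoAPI URL-cache noise from candidate payloads.

Added example, not the sandbox's own code. RECORDS is transcribed from
the report's Downloads section (path, reported size, SHA256). The
classification rules in classify() are assumptions.
"""
import re
from collections import defaultdict

CACHE = r"C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache"
TEMP = r"C:\Users\Admin\AppData\Local\Temp"
META = CACHE + r"\MetaData\94308059B57B3142E455B38A6EB92015"
CONTENT = CACHE + r"\Content\94308059B57B3142E455B38A6EB92015"

RECORDS = [
    (CONTENT, "70KB", "b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f"),
    (META, "342B", "c62731aebee347e7670bc8bf7754f3e2836a91dda421ed972dc1206f3143ea79"),
    (META, "342B", "67861f86a303bdc6bf37d2127af5937022fb4140f50f8a55ff79e85aa3aa3e0b"),
    (META, "342B", "796dfa0bd7d90cd34fb2bc6753e7b4b7d78ca6232d653ab062413a575bd658bf"),
    (META, "342B", "79b732680ced0399190e67698162ca8a9d783a7f787bc77421506ccd13e82d65"),
    (META, "342B", "f1b077eb58a3d15d924c9b5814e7e047e2fcc380587014f7693b8965ecb3ce6e"),
    (META, "342B", "f8f36f8fd3ebf10f646d83db96df58b386113f42d628a68a5b7fcd1a606380f7"),
    (META, "342B", "31106859beefc4e07716f841981033bc4c14eddf425e8ca621ed8079c8d7cd7a"),
    (TEMP + r"\SVL7CFF.tmp", "246KB", "7bc8dc5a333c25c7b56c66f5a84a5876e458eafde24b166f2eaeecf0ada0e0e6"),
    (TEMP + r"\SVLBA3B.tmp", "425B", "7f0e36f5e6e7c11f4dab7abdc6ef27886b1949002a4662cc5e0d0f8c2b36bc0f"),
    (TEMP + r"\Tar2728.tmp", "181KB", "8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8"),
]

HEX64 = re.compile(r"[0-9a-fA-F]{64}")


def classify(path):
    """Coarse bucket for where a dropped file landed (assumed rules)."""
    p = path.lower()
    if "\\cryptneturlcache\\" in p:
        return "cryptoapi-cache"   # CryptoAPI cert/CRL retrieval cache
    if "\\appdata\\local\\temp\\" in p:
        return "temp-drop"
    return "other"


def triage(records):
    """One row per distinct path: bucket, number of writes observed, and
    how many distinct contents (SHA256) were written there."""
    grouped = defaultdict(list)
    for path, size, sha256 in records:
        if not HEX64.fullmatch(sha256):
            raise ValueError(f"malformed SHA256 for {path}: {sha256}")
        grouped[path].append((size, sha256.lower()))
    return [
        {
            "path": path,
            "class": classify(path),
            "writes": len(items),
            "distinct_hashes": len({h for _, h in items}),
            "sizes": sorted({s for s, _ in items}),
        }
        for path, items in grouped.items()
    ]


def candidates(records):
    """Paths worth pulling from the sandbox for static analysis: everything
    that is not CryptoAPI cache churn."""
    return [row["path"] for row in triage(records) if row["class"] != "cryptoapi-cache"]


if __name__ == "__main__":
    for row in triage(RECORDS):
        print(f'{row["class"]:16} writes={row["writes"]} '
              f'distinct={row["distinct_hashes"]} {row["path"]}')
    print("pull for analysis:", *candidates(RECORDS), sep="\n  ")
```

The MetaData path collapses to one row with seven writes and seven distinct hashes, which is the cache being refreshed, not seven separate artifacts. Treat the three Temp files as the sample's own output and confirm their hashes against the report before opening them.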