Analysis

  • max time kernel
    120s
  • max time network
    121s
  • platform
    windows7_x64
  • resource
    win7-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win7-20240611-en locale:en-us os:windows7-x64 system
  • submitted
    13-06-2024 21:59

General

  • Target

    SKMT390028.exe

  • Size

    1.1MB

  • MD5

    ec61712c6c60c8249e591ea6d64db59a

  • SHA1

    1692ee6f1e0a6bf32407a781dd4c9aba3a737d26

  • SHA256

    06eff0b0dc021ab79b61bc72aff871df18c73bc518b9a7116124f86828ea630c

  • SHA512

    f1317454e15a8fdb1a407ea3c38d53fb6b422b878f721f701bae1c60a5ae5590dbe50b60ece1bd7d811bd8087669ae5c331b2ace1af76948d102c82ff864fda6

  • SSDEEP

    24576:W6nVMk+HIj90cNHX7Jp4KQJeyYFZdCWoeemJsIbWxkwIkKBqSI1xij9O:NVz7tVrJG/JeVZiYJ6xEkrSeic

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\SKMT390028.exe
    "C:\Users\Admin\AppData\Local\Temp\SKMT390028.exe"
    PID:2172
    • Suspicious use of WriteProcessMemory
    • C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\RarSFX0\xepm.vbe"
      PID:2664

Network

MITRE ATT&CK Enterprise v15

Downloads

    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\xepm.vbe

      Filesize

      113KB

      MD5

      33501205e81570bb9df5c3958d002638

      SHA1

      01c26d2b651680acc4b7d6a04064b7a8e514cb4a

      SHA256

      86b89a4e4ac35f94ed0335d811a5876497762d52a5be99b27b73c9d8d8d097cc

      SHA512

      abe4bef198a6e803ef591cb19c7773ef5c1bca8049366e5b6acf5701121f307e59fd8279bc1e7fc93d12352a9112ff27a846a8219cfd2fb4a5c16b5556d2f3c9