62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
13/06/2024, 01:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe
Size

11.9MB
MD5

530ef95c939adbf2ca3bacbe4cb044a6
SHA1

2a6ee172d79525e947f1db018c889ff6a4fe63ea
SHA256

62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782
SHA512

ace33d21582d2c0c06d78870a707717ee9dcf0053b78fabfb1668ac62c3f803f28793b2524d9831558c49daa7455c2f7f6b163d93a4d85ebd0a55b5a2f6fb73d
SSDEEP

196608:poGYg+uqoXh8V2KQqGfyxXIicOExzUx8Bssun3f6B2+H3O2qlf+noV:qGYtMh8V2KQH6uBsc9XO22GoV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2840	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe
File opened (read-only)	\??\D:	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe
File opened (read-only)	\??\E:	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 3052	2104	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe	28
PID 2104 wrote to memory of 3052	2104	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe	28
PID 2104 wrote to memory of 3052	2104	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe	28
PID 2104 wrote to memory of 3052	2104	62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe	28
PID 3052 wrote to memory of 2840	3052	cmd.exe	30
PID 3052 wrote to memory of 2840	3052	cmd.exe	30
PID 3052 wrote to memory of 2840	3052	cmd.exe	30
PID 3052 wrote to memory of 2840	3052	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe
"C:\Users\Admin\AppData\Local\Temp\62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe"
1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\AE308B2C898F43109741D444E1097C30.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3052
- - F:\996m2\62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe
    "F:/996m2/62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe"
    3⤵
    - Executes dropped EXE
    PID:2840

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AE308B2C898F43109741D444E1097C30.bat

Filesize
81B

MD5
2aa57f1f0fbbeb6826b350bc113c5eab

SHA1
7e91ef112ea4e956773d11a97457350256d8d775

SHA256
56d3d32fe7e0c30e35d62d2c7a495cc89c9b042b3bd65f206bdfef3c5f94b8c4

SHA512
437c8067bc46a2d95ae866753cee13deccfb4c9b8f73929c4041b45426ddd64d942a92910051367647b509c8b738b238a7885c1af6ff9232f2eae4216fc5b09b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ÄÉÆæÀÏ±ùÑ©.ini

Filesize
69B

MD5
d892f1d37b62f44d88fe4579ff02a71d

SHA1
c4f2d5538fa67d15bef20d862095847e9b8505d7

SHA256
215c44a81bc0aa57ad5903485552b903e87a90683ef94b129e490c6b9fab1879

SHA512
40974a84582b565f2d9f2368358d4656c08c0d4663e5a91b6c14a69f3a20d2cdcb977bc47f82c5c3bb842efd69928cb1b34dd3311316ab5555c2dae3b29150df

Download Submit
F:\996m2\62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782.exe

Filesize
11.9MB

MD5
530ef95c939adbf2ca3bacbe4cb044a6

SHA1
2a6ee172d79525e947f1db018c889ff6a4fe63ea

SHA256
62fdbb87ea17bf66d17a353e932c74cdaaed6fbc6881762b3e13925dde8e5782

SHA512
ace33d21582d2c0c06d78870a707717ee9dcf0053b78fabfb1668ac62c3f803f28793b2524d9831558c49daa7455c2f7f6b163d93a4d85ebd0a55b5a2f6fb73d

Download Submit
memory/2104-0-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2104-22-0x0000000000400000-0x0000000000F14000-memory.dmp

Filesize
11.1MB

Download
memory/2840-13-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2840-23-0x0000000000400000-0x0000000000F14000-memory.dmp

Filesize
11.1MB

Download