Analysis
- max time kernel: 150s
- max time network: 150s
- platform: windows7_x64
- resource: win7-20231129-en
- resource tags: arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
- submitted: 14/06/2024, 01:13
Static task: static1
Behavioral task: behavioral1
- Sample: 3523900534bc08f6445526c4ee18ce02.exe
- Resource: win7-20231129-en
Behavioral task: behavioral2
- Sample: 3523900534bc08f6445526c4ee18ce02.exe
- Resource: win10v2004-20240611-en
General
- Target: 3523900534bc08f6445526c4ee18ce02.exe
- Size: 39KB
- MD5: 3523900534bc08f6445526c4ee18ce02
- SHA1: 8c8e8e648c04e27ce489e39c643e1170f13b31da
- SHA256: 6c674a504e852f4a87e9ea50bb4b1a8b19f4b862cdc935707b95d0f45f7dc50e
- SHA512: e9155ad99b84995aebea96141764f81a58904b78b2a81bcb99bdea52c08f68c2cafc7217a615cee4eac813cb6b79d902508f6d1ec2037815e7480a868635414b
- SSDEEP: 768:Kf1K2exg2kBwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZsBGGp/YIm7wm0WZyJ:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XX
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2056  hurok.exe
- Loads dropped DLL (1 IoC)
  pid   Process
  2924  3523900534bc08f6445526c4ee18ce02.exe
- Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of UnmapMainImage (2 IoCs)
  pid   Process
  2924  3523900534bc08f6445526c4ee18ce02.exe
  2056  hurok.exe
- Suspicious use of WriteProcessMemory (4 IoCs)
  description                        pid   Process                               procid_target
  PID 2924 wrote to memory of 2056   2924  3523900534bc08f6445526c4ee18ce02.exe  28
  PID 2924 wrote to memory of 2056   2924  3523900534bc08f6445526c4ee18ce02.exe  28
  PID 2924 wrote to memory of 2056   2924  3523900534bc08f6445526c4ee18ce02.exe  28
  PID 2924 wrote to memory of 2056   2924  3523900534bc08f6445526c4ee18ce02.exe  28
Processes
- C:\Users\Admin\AppData\Local\Temp\3523900534bc08f6445526c4ee18ce02.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\3523900534bc08f6445526c4ee18ce02.exe"
  PID: 2924
  - Loads dropped DLL
  - Suspicious use of UnmapMainImage
  - Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\hurok.exe (child of PID 2924)
    Command line: "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
    PID: 2056
    - Executes dropped EXE
    - Suspicious use of UnmapMainImage
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 39KB
  MD5: c7bcc02799121d9c38ce9f3474a41a42
  SHA1: 2ab42048268822c429d8ebf70b587496876a2c8c
  SHA256: 57a65dfc2b3f0492f993252357394c2c6c93b4bb1d2bfb9d5a89e5bcd53e346a
  SHA512: b8bd3dad91e6567a49cad5a7437005ea193ad855ebf0cc46bdde3373959d9f9a8903cfeb54cbb99535c395b299f39f7da23488cb9efce1ed4c46c3b8828d231d