d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
15/06/2024, 02:35

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe
Size

71KB
MD5

4e8b9ea6e647ccb9c007256ea8067299
SHA1

4a60a02243d066d4a99c1fd170cd5eafcab5b022
SHA256

d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50
SHA512

eea20f6e6a6a1ec0c93f8ea7c4dc10e0c5c52c2b3918b7e147ce1aea6076cac923e3f59d8a6253dda698ec75e1f0d542b2c4efea4e95c823b6c976bb4f6eb926
SSDEEP

768:EsJhM/47dTkc8jmiG/7H1SE3KGdA6jVS2bnKHtIGA8/nVNEcoX7zPjdR1ROe3i:EAA4R43e/7VOEjs2FRPn10eS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1928	wujek.exe

Loads dropped DLL 2 IoCs

pid	Process
1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe
1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1992 wrote to memory of 1928	1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe	28
PID 1992 wrote to memory of 1928	1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe	28
PID 1992 wrote to memory of 1928	1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe	28
PID 1992 wrote to memory of 1928	1992	d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe	28

C:\Users\Admin\AppData\Local\Temp\d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe
"C:\Users\Admin\AppData\Local\Temp\d4ddd92d1d4d56af7735b88fa8fbfe9e669f3c79a7f65a3bd7bec6f729978b50.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1992
- C:\Users\Admin\AppData\Local\Temp\wujek.exe
  "C:\Users\Admin\AppData\Local\Temp\wujek.exe"
  2⤵
  - Executes dropped EXE
  PID:1928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\wujek.exe

Filesize
72KB

MD5
47af855c2fac00257d4bfa3cf30cbb08

SHA1
24aa4f2f958fa57b5098b6bf3cfd5ca41fe5e765

SHA256
46dd5187c79d0f8fd74d5f92c26e64f1260ee9bd48e7a2569420a6d900d68d6d

SHA512
8ecc4e2340c079f7e4f0c6a398f3e51808c66594032255b74c1a67da5842f02e9290ce091a62259c51b6a25cb5149703dfa54862648f3cb992ce9e084382581a

Download Submit
memory/1928-11-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/1992-1-0x0000000000403000-0x0000000000404000-memory.dmp

Filesize
4KB

Download