4cd5e9da03cf453504bd3d4f48dd4263b27176d9fd1c66492d69ac8547ac254b

Analysis

max time kernel
118s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
16/06/2024, 19:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$_3_.exe
Size

1.7MB
MD5

d4c16982f8a834bc0f8028b45c3ae543
SHA1

9d9cec9af8f23a23521e20d48d9af1024663a4a7
SHA256

932badf8ce27381bd595c9d861d7f7142fe98f233a893a2003a5f5e5ec163b3b
SHA512

c94b8d978afac107c08a5405cf9510e48d4bcf1284292eee1d08898f1c7a43a83a9655dc4d85d27d3b825e45a8f136c7beb71405fab94bb5e2437b7c4ad44b5c
SSDEEP

49152:n7mrmYPoEHVGTWFkO4ITVpSuEqM/vrM3rA3SuN5:km2Z12WFYFVf

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
1620	$_3_.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1620	$_3_.exe
1620	$_3_.exe
1620	$_3_.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 2284	1620	$_3_.exe	30
PID 1620 wrote to memory of 2284	1620	$_3_.exe	30
PID 1620 wrote to memory of 2284	1620	$_3_.exe	30
PID 1620 wrote to memory of 2284	1620	$_3_.exe	30

C:\Users\Admin\AppData\Local\Temp\$_3_.exe
"C:\Users\Admin\AppData\Local\Temp\$_3_.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\cmd.exe
  cmd /c ""C:\Users\Admin\AppData\Local\Temp\9599.bat" "C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\""
  2⤵
  PID:2284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\$IFRWFDZ

Filesize
544B

MD5
374280e5e0ec583eee8233070a6f709d

SHA1
a3267ae5fa2f44e22ffc8b98263294cf75cf73c3

SHA256
c2ae4fae4b1b87c08ecd1e442bf1a2c1bc6e68af46f0f7e95af1ab8260e890e2

SHA512
434f25d4609c9c3a39d092dcb52157709fea8a45928c0b49c05ab1b72f16bcb10ae0d18258d6c4f3a90a672f55e5f13727402bf630f15058dd65afd5330fd72f

Download Submit
C:\Users\Admin\AppData\Local\Temp\9599.bat

Filesize
212B

MD5
668767f1e0c7ff2b3960447e259e9f00

SHA1
32d8abf834cce72f5e845175a0af2513b00504d8

SHA256
cdb93994093a24991c246d8b6f7003920a510a45bfc8441521314ce22a79191d

SHA512
c07f26c8601cf91d9805004668463721ab91e14f3cc59e77e20f43d98e070ea8e742c38fe8021c4ffb1ebc02e3743ab732b66ff84bb24b59a5fdcc8634c77680

Download Submit
C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\F62015650B9B467993E2E36604FE09B5_LogFile.txt

Filesize
2KB

MD5
bb8af1577de207ddf68f53a72940c78e

SHA1
05f662ffefe157e5d7a12fd89e39e06bea75a766

SHA256
06156524ef53f1963e06005a10e96c83004ca8fb5f7dbbd90a2cb63a0a7a66c4

SHA512
16bffea5aaa353bddd1e9d73356ab66e2f4eb04f7c4787bd14a3c9a271fc01c88b05d9ee619947508078c0927ad3cded390db153a1c13d5e5ab516c68af9cd06

Download Submit
C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\F62015650B9B467993E2E36604FE09B5_LogFile.txt

Filesize
3KB

MD5
fd4f964778a097ed56683f42ae62e6d9

SHA1
b301a5a36cf6f4f82b96370032434a2e7723e86e

SHA256
05c8754d18c9f753c555b4b54df8fb56726039707dc049ec47aff75e6fd60c67

SHA512
3030f95ebe54dd6d8d6ffbdc706514fe69aa231d7cdbe965d3eb1102e9ecc33357d1899ec90cc8f062b9785ed08219bd9857691b97b11eddf3b5ccf6174e4d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\F62015650B9B467993E2E36604FE09B5_LogFile.txt

Filesize
5KB

MD5
ef69ccc3b50a29396fb5906ae0678518

SHA1
b8a9c8fd8eeccbc97b9d2c4009e0db062e605f34

SHA256
1b8af082b0d03c019593c4ef3b4bb0eee58fa2ed2a9f665e5f79292fa94cde03

SHA512
b27737af4a4d532eb84843a450791829ecdf250b959a3943e63e4bd4c85883c814038fa9b732e916659b3f2f4740dada5ab8cfe32c33fe2f71e81dd6641a4461

Download Submit
C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\F62015650B9B467993E2E36604FE09B5_LogFile.txt

Filesize
1KB

MD5
a93991f6aef4f337d4a7f69735b770fe

SHA1
8382fecfc91f4fe5cdd24c5d902f60e1fec9656a

SHA256
66be8d5adad2c518a595b384ba85dff50eee729e307eea916c5808ee3c4da46e

SHA512
9d96321eba4bd09626379454d53db9df814a602de84658a05e61675e77ab1862907dc8aef7f4f770059d22b6cad78f3b7311701cdd9a677cc83ff80b84a9136e

Download Submit
C:\Users\Admin\AppData\Local\Temp\F62015650B9B467993E2E36604FE09B5\F62015~1.TXT

Filesize
27KB

MD5
a4f2f1614a26a3cf233d9ac4203b7357

SHA1
c907ad3a2321680fcbb564cb9f039c2a8aacd82e

SHA256
d10f2decc65789d23579c2586ec787491d9966ccd5fbd81ce02ce371e427de76

SHA512
4735b00e51c386de7216cade930942ecd44c696f232e19244b4b26a2dd534a52bf820434ae2ea163e24bbaa0d33323c382fe48c77b6325c35e6f6b58d4035e85

Download Submit
memory/1620-67-0x0000000000110000-0x00000000002BF000-memory.dmp

Filesize
1.7MB

Download
memory/1620-196-0x0000000000110000-0x00000000002BF000-memory.dmp

Filesize
1.7MB

Download
memory/1620-281-0x0000000000110000-0x00000000002BF000-memory.dmp

Filesize
1.7MB

Download