48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
25-06-2024 17:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe
Size

12.1MB
MD5

470dba79a4b73bcf3b8c6d917d2844fe
SHA1

af7aa33b9a84816d00177aaf464ea12a622c004c
SHA256

48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5
SHA512

a71c8820cdd6bef86a4d3b20166c27d4c1d60fae93f792a73ed085630e2dfeea300f758d46ca265d0c1f3be7d0c585ba531d30f3bd16d51d0f1fe989bf3fe2f5
SSDEEP

196608:n2Gtl6DPRKTkNg8h8V2KQqGfyxXIicOExzUx8Bssun3f6B2+FhtwVEQg:2GtA7RKQNg8h8V2KQH6uBsc9DtbQg

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2324	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe
File opened (read-only)	\??\D:	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe
File opened (read-only)	\??\E:	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2024 wrote to memory of 2128	2024	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe	28
PID 2024 wrote to memory of 2128	2024	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe	28
PID 2024 wrote to memory of 2128	2024	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe	28
PID 2024 wrote to memory of 2128	2024	48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe	28
PID 2128 wrote to memory of 2324	2128	cmd.exe	30
PID 2128 wrote to memory of 2324	2128	cmd.exe	30
PID 2128 wrote to memory of 2324	2128	cmd.exe	30
PID 2128 wrote to memory of 2324	2128	cmd.exe	30

C:\Users\Admin\AppData\Local\Temp\48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe
"C:\Users\Admin\AppData\Local\Temp\48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe"
1⤵
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:2024
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Users\Admin\AppData\Local\Temp\053A5F0975354E7BA24D91D2F597F1E7.bat
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2128
- - F:\996m2\48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe
    "F:/996m2/48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe"
    3⤵
    - Executes dropped EXE
    PID:2324

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\053A5F0975354E7BA24D91D2F597F1E7.bat

Filesize
81B

MD5
72355c262e5e823019691fef952b481e

SHA1
063d54686f98de3bb3658162ccf3382208472fb6

SHA256
1d2e8f3ed31cc4d7a38b7236894e8ccd936313e4884510703bacdeadccac7f58

SHA512
d67b57aeef7fe24e647d8305f9e6469c98c69885cc9f3b6a135a23a523a00603e31636378c44a1b1ebbde5410e2db7a0fc048fd3fe5795344612ebda14975a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ìì¹ÙÎÊÊÀ.ini

Filesize
75B

MD5
e3febec7c9d89d6c7dca6f55195ed89f

SHA1
f98fb4c0fd3b7c926e1875fda3566388903f4eef

SHA256
d7e3aaf8d14b12596ce20a82487200fd3daa34db92f06c92703600519f02447c

SHA512
2c034ddf1eea4addc7eca9206e176083a363d5cb69ed8acd87f1fc6ba0c6fa7a7e004550dc7257bcb237d78afe8fb672c695a6b073643cc2c4efb9477321f1bf

Download Submit
F:\996m2\48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5.exe

Filesize
12.1MB

MD5
470dba79a4b73bcf3b8c6d917d2844fe

SHA1
af7aa33b9a84816d00177aaf464ea12a622c004c

SHA256
48b2483674cf8fe067b6290f568d1c7a405f53ab38873e779403da662e6e50d5

SHA512
a71c8820cdd6bef86a4d3b20166c27d4c1d60fae93f792a73ed085630e2dfeea300f758d46ca265d0c1f3be7d0c585ba531d30f3bd16d51d0f1fe989bf3fe2f5

Download Submit
memory/2024-0-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2024-23-0x0000000000400000-0x0000000000F14000-memory.dmp

Filesize
11.1MB

Download
memory/2324-13-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2324-24-0x0000000000400000-0x0000000000F14000-memory.dmp

Filesize
11.1MB

Download