Analysis
max time kernel: 147s
max time network: 94s
platform: windows10-2004_x64
resource: win10v2004-20240508-en
resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
submitted: 28/06/2024, 18:59
Static task: static1
Behavioral task: behavioral1
  Sample: 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe
  Resource: win7-20240611-en
Behavioral task: behavioral2
  Sample: 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe
  Resource: win10v2004-20240508-en
General
Target: 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe
Size: 932KB
MD5: 12b455eb5ccec5126b4044d3841b8d8a
SHA1: c46d43d025615176c655961de2c1c1b930e9af4a
SHA256: 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712
SHA512: 2be80e1db037f65de3211040fc6dd56af601e7e8abd34c5d7c0c6c641bcdf3cb62071fe404642d24173d023357352913b3172a6f86085159622180d085ad40fb
SSDEEP: 12288:x1/aGLDCMNpNAkoSzZWD8ayX2MQCw7D0FoWxJpcEi0/3IWV//7cSdA8KUt9irOKb:x1/aGLDCM4D8ayGMZo8/s4pKB82VRt
Malware Config
Signatures
Executes dropped EXE (1 IoC)
  pid 4204, process pxjajw.exe
Adds Run key to start application (2 TTPs, 1 IoC)
  Set value (str): \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\pxjajw.exe" (process pxjajw.exe)
Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).
Suspicious use of WriteProcessMemory (3 IoCs)
  PID 2168 wrote to memory of 4204 (process 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe, procid_target 81)
  PID 2168 wrote to memory of 4204 (process 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe, procid_target 81)
  PID 2168 wrote to memory of 4204 (process 16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe, procid_target 81)
Processes
C:\Users\Admin\AppData\Local\Temp\16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\16a3268f1c0348c2eca89f2415f698dce258038d595e3714cf1f1a49ba900712.exe"
  Suspicious use of WriteProcessMemory
  PID: 2168
  C:\ProgramData\pxjajw.exe
    Command line: "C:\ProgramData\pxjajw.exe"
    Executes dropped EXE
    Adds Run key to start application
    PID: 4204
Network
MITRE ATT&CK Enterprise v15
Downloads