Analysis
-
max time kernel
118s -
max time network
120s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system -
submitted
30-06-2024 21:15
Behavioral task
behavioral1
Sample
4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe
Resource
win7-20231129-en
General
-
Target
4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe
-
Size
370KB
-
MD5
b33392085cac871c0419f5dfe397dd88
-
SHA1
2d960bf4926db71fdb34d9af1e23916919e01738
-
SHA256
4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad
-
SHA512
611112722e3c71fb167bbfbc2ccbff808d0c3012d7d2710b9511d84274198c75b42fcba3397c655e73d776c7b8c025b446d24e3d741e7ffd6edcc3ecd399fc8c
-
SSDEEP
6144:CuJkl8DV12C28tLN2/FkCO0aHftvCGCBhDOHjTPmXHk62p8:CzGL2C2aZ2/F1XaveOHjT4
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
wosur.exepid process 2816 wosur.exe -
Loads dropped DLL 2 IoCs
Processes:
4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exepid process 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
Processes:
4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exedescription pid process target process PID 2372 wrote to memory of 2816 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe wosur.exe PID 2372 wrote to memory of 2816 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe wosur.exe PID 2372 wrote to memory of 2816 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe wosur.exe PID 2372 wrote to memory of 2816 2372 4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe wosur.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe"C:\Users\Admin\AppData\Local\Temp\4b448d094eafabc03bbc4a2f7e162b2306542084c08e1eacb716b07bcd0935ad.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\wosur.exe"C:\Users\Admin\AppData\Local\Temp\wosur.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\golfinfo.iniFilesize
512B
MD5b30b85445bc9d2a928e2da9610f46d0c
SHA1590a7b6bd339fa995a1558912d8c98164b2c53db
SHA2563fd1cc9bfb63534ffee02c3a9cf4094579c6cd3f571bf52da9270050892c8e31
SHA512592c54d196662c2288a07d246943208e0ff64f0a1c598798fe8e6fc84bc700665c93dc5affef6c7066a08c2b0ac321030311874cd11caf03fc74bced89011abb
-
\Users\Admin\AppData\Local\Temp\wosur.exeFilesize
371KB
MD5ce37698d5ba4f9004b4ae31788604649
SHA1641a166e024ef0087d63e94bdce821f0ec86bca7
SHA256a616c5c1ac351e34d4cc5bae66623bedf1a9714089b00565b4d8e03b3e5e4664
SHA512166039783e17ae7035f28bd5135e123b1db554369dc5a69acbbf9eddcedee18bbb57b94f01875c90e252d1e9a93f1aab76403a3163d3f98e501141fda60f2e9c