Analysis
-
max time kernel
149s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20240704-en -
resource tags
-
submitted
05-07-2024 18:28
General
-
Target
08be13eb070b129b734d35fbd784331c66dc0e1cc5fc38803a64f3d25792b33f.exe
-
Size
1.4MB
-
MD5
1de31b76ccdf642b341817bd9f0dc572
-
SHA1
7e4e646035aa3524ae793b51d2b6dd8403d54fa1
-
SHA256
08be13eb070b129b734d35fbd784331c66dc0e1cc5fc38803a64f3d25792b33f
-
SHA512
082632b503d9ad38b4169b83660abe03594ef94280a208c7e26fa3262611115c65ea106da840e5a96c62cf4e59938eeedc5d79726301f82dff32d3ca489d4e9a
-
SSDEEP
24576:E30hJ529+RipvL1SXk1QE1RGOTnIEQc4au9NgxnHNnof:EEM9+ApwXk1QE1RzsEQPaxHNI
Malware Config
Signatures
-
Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Loads dropped DLL 1 IoCs
-
Enumerates connected drives 3 TTPs 21 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops autorun.inf file 1 TTPs 3 IoCs
Malware can abuse Windows Autorun to spread further via attached volumes.
-
Drops file in Program Files directory 1 IoCs
-
Program crash 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\08be13eb070b129b734d35fbd784331c66dc0e1cc5fc38803a64f3d25792b33f.exe"C:\Users\Admin\AppData\Local\Temp\08be13eb070b129b734d35fbd784331c66dc0e1cc5fc38803a64f3d25792b33f.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Documents and Settings\tazebama.dl_"C:\Documents and Settings\tazebama.dl_"2⤵
- Modifies visibility of file extensions in Explorer
- Executes dropped EXE
- Enumerates connected drives
- Drops autorun.inf file
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 7443⤵
- Program crash
-
-
-
C:\Windows\SysWOW64\WerFault.exeC:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 4104 -ip 41041⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
113KB
MD5da9e7c04ecc6d51c518360fae33ed39f
SHA1ae1f4557a9bee3547cf1bb199f9dd0e62f3a14eb
SHA2562adc33844709509859908f625eb3118abceb1916abc3f881f5125ac329de6d73
SHA5124e13dbb0a47becbb93b0d9d6cacccc9600512eac7454d28cd474e5bd6298cc3b25129c1e2ac453fd0adb6d01e5e8092866dce52a001fbf6e4b56da68c298826a
-
Filesize
32KB
MD5b6a03576e595afacb37ada2f1d5a0529
SHA1d598d4d0e70dec2ffa2849edaeb4db94fedcc0b8
SHA2561707eaf60aa91f3791aa5643bfa038e9d8141878d61f5d701ebac51f4ae7aaad
SHA512181b7cc6479352fe2c53c3630d45a839cdeb74708be6709c2a75847a54de3ffc1fdac8450270dde7174ecb23e5cb002f8ce39032429a3112b1202f3381b8918c
-
Filesize
126B
MD5163e20cbccefcdd42f46e43a94173c46
SHA14c7b5048e8608e2a75799e00ecf1bbb4773279ae
SHA2567780bee9df142a17e0457f3dcb2788b50fc2792370089335597d33719126fb7e
SHA512e5ac0ff6b087857799ab70f68067c9dc73eeb93ccfcad87047052380b95ade3e6eb2a7d01a0f850d548a39f4b1ebb60e299d603dbe25c31b9a3585b34a0c65a8
-
Filesize
113KB
MD5acb5d6f8c6e678c19045dd82eadeee19
SHA10726566cc956f858c3ad27e10ba4a685c01ccf74
SHA256f4b1085130a45562e803df3a50dd4f19ffd3b41a67cb24b2d790724c8baf766b
SHA51230c5acf6bd50a4886f3983e029f3371b4ed83e62bea71ecb003f5533aea4c3641c6fed05b617bc60c756a3d48914afbafb201d6584962e2fe3898528418a1057
-
Filesize
113KB
MD54b9fc2b26778f18e9200bd73767ced66
SHA18e72d07868b343e0555f03e0b8217fbb2079741c
SHA256659ea78126aca418d77699ace5f26685549cedfcf1bf9bd918425b2875055ec3
SHA51265544537898f59b62f4f4e016b6e2eeb03926bb5267b8674474696723b912f3b3e86d4cb33c39668e6160a353befb5a89154eb456af994bbada08ee5da23517f
-
Filesize
1.3MB
-
Filesize
48KB
-
Filesize
1.3MB
-
Filesize
1.3MB
-
Filesize
96KB
-
Filesize
96KB