6d0509d88419d77f68f71923a568ffebe1dfd7f7e8eaec3c72683cf2993ef577

Analysis

max time kernel
144s
max time network
151s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
08-07-2024 03:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

69193796b5c35fb0907234f6ff0c0184.exe
Size

49KB
MD5

69193796b5c35fb0907234f6ff0c0184
SHA1

03ba8f59d1251335d85e1ccade658afa8b16843c
SHA256

6d0509d88419d77f68f71923a568ffebe1dfd7f7e8eaec3c72683cf2993ef577
SHA512

b52460ae5c6f95fe86a63348f714678af299d10c78eb02daf0b665787c312d6e2fc6ed9a9f14f8c6b6f5f84898baa58da5f9855342646cfb95ef441661d4035d
SSDEEP

1536:o1KhxqwtdgI2MyzNORQtOflIwoHNV2XBFV72BOlA7ZszsbKY1x5hjatshq:aq7tdgI2MyzNORQtOflIwoHNV2XBFV7P

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	hurok.exe

Loads dropped DLL 1 IoCs

pid	Process
492	69193796b5c35fb0907234f6ff0c0184.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of UnmapMainImage 2 IoCs

pid	Process
492	69193796b5c35fb0907234f6ff0c0184.exe
2796	hurok.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 492 wrote to memory of 2796	492	69193796b5c35fb0907234f6ff0c0184.exe	29
PID 492 wrote to memory of 2796	492	69193796b5c35fb0907234f6ff0c0184.exe	29
PID 492 wrote to memory of 2796	492	69193796b5c35fb0907234f6ff0c0184.exe	29
PID 492 wrote to memory of 2796	492	69193796b5c35fb0907234f6ff0c0184.exe	29

C:\Users\Admin\AppData\Local\Temp\69193796b5c35fb0907234f6ff0c0184.exe
"C:\Users\Admin\AppData\Local\Temp\69193796b5c35fb0907234f6ff0c0184.exe"
1⤵
- Loads dropped DLL
- Suspicious use of UnmapMainImage
- Suspicious use of WriteProcessMemory
PID:492
- C:\Users\Admin\AppData\Local\Temp\hurok.exe
  "C:\Users\Admin\AppData\Local\Temp\hurok.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of UnmapMainImage
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hurok.exe

Filesize
49KB

MD5
06ed44c66e310c00ed745401c074ba1f

SHA1
25c48c2252fa316fcba0c576f7cf4680c4aa46e8

SHA256
82ac07a59174eec30872b90b9abcaaa260fedf9f2e26d019e019995d9b421129

SHA512
f08f305dcc678eaea4e39cf34ab3d20c59fec7411ebf8b5a571e159f0f23605e5982b5b58581e14e30719e7e4e5bf00bfffdd9a3f3d8a90a8184017a9452323a

Download Submit
memory/492-1-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/492-0-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download
memory/492-2-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download
memory/2796-23-0x00000000002F0000-0x00000000002F6000-memory.dmp

Filesize
24KB

Download