Overview

overview

7

Static

static

3

de46ccaee0...cd.exe

windows7-x64

7

de46ccaee0...cd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    119s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    08-07-2024 05:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    de46ccaee070561b6ae8b94739e2ae09e473c73d5deeb1730535e9d385c7f3cd.exe

  • Size

    384KB

  • MD5

    ff8e69d8d611ed64251f1ba5a969ea2c

  • SHA1

    a12775ea177ea1f4a257d79d17a5df34ac10dbf0

  • SHA256

    de46ccaee070561b6ae8b94739e2ae09e473c73d5deeb1730535e9d385c7f3cd

  • SHA512

    05b9da218ffa84f7732619bb3eab627210702c0d9141fd2390f97c677635455b0fbc8ba22cb0fe2e25cc2a16fc169e3f994ed834e44d0c096dece8737ff653ec

  • SSDEEP

    6144:ZDqdVdWDHU1t/hBcJ9ENDEsCkEjiPISUOgW9X+hOGzC/NM:ZDqdHYSt/hB0qQkmZzcukG2/

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 3 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\de46ccaee070561b6ae8b94739e2ae09e473c73d5deeb1730535e9d385c7f3cd.exe
    "C:\Users\Admin\AppData\Local\Temp\de46ccaee070561b6ae8b94739e2ae09e473c73d5deeb1730535e9d385c7f3cd.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2144
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\windows\INATC.exe.bat" "
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\windows\INATC.exe
        C:\windows\INATC.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:2796

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\INATC.exe.bat
    Filesize

    56B

    MD5

    ff1c59b1b0df36449a48c559dec39106

    SHA1

    ec3f743422ce7ea85b25b4f7cfd5cc6b916ad122

    SHA256

    d4293d80b0621abe4083e539bdc81077a1096013f5e43e3b4012a883e7bba368

    SHA512

    93f5405d090db8dfd5f2862f120b28fa6b61af9c1b655f9af9f75d538496b7f9f9f76e444ab2c01dc6e84fca7f625fbb31e63f2cf484c078625e18d38f6fbb73

    Download Submit

  • C:\windows\INATC.exe
    Filesize

    384KB

    MD5

    86e5d83cf68adf20f78b2a201974e10d

    SHA1

    d155c0d5b55a4d36c0051a26ccb4ec49a3dcc617

    SHA256

    c85b79cf6cf61e7140485f3a7e57944a6116585c61055d5e55517c16bc339b0e

    SHA512

    0f0fc8dd57f5452ecfa6d93a473f0c1982a8f4652f956921f72cd2fa2292a031a1195b083eff0d4c013d53dfb1145c268586547204760eca494cf86245d2c986

    Download Submit

  • memory/2144-0-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2144-12-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2760-17-0x0000000000130000-0x0000000000169000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2760-16-0x0000000000130000-0x0000000000169000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2796-18-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download

  • memory/2796-19-0x0000000000400000-0x0000000000439000-memory.dmp

    Filesize

    228KB

    Download