6655eae45a8dba7963c328c38259693a8c21b157042f3a64ab2c2ff0ef4e2b35

Analysis

max time kernel
13s
max time network
19s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
08/07/2024, 08:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

0c37943af82f04489e170c9202204c30N.exe
Size

55KB
MD5

0c37943af82f04489e170c9202204c30
SHA1

16e76c6e58413cfb1552f0d1f7d158d1bd05cd23
SHA256

6655eae45a8dba7963c328c38259693a8c21b157042f3a64ab2c2ff0ef4e2b35
SHA512

2ef1b708cd6955928232fabc20c3d43f1f910187ae662851ea2b19a011800902c770d0f114aecfecf58987fc983d3b6f03df9c6cc5380104e8f36d1c1e5ac670
SSDEEP

384:5L1d8xSrN1g7xKudNdtADaM4E7FBoJZt2WHwGVeJe6Yk1lS++8UeXVud14+kna+g:5gx+WxKuMDaMpZiHccuFY1FQud1R3l

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2556	hcbnaf.exe

Loads dropped DLL 1 IoCs

pid	Process
2056	0c37943af82f04489e170c9202204c30N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2556	2056	0c37943af82f04489e170c9202204c30N.exe	29
PID 2056 wrote to memory of 2556	2056	0c37943af82f04489e170c9202204c30N.exe	29
PID 2056 wrote to memory of 2556	2056	0c37943af82f04489e170c9202204c30N.exe	29
PID 2056 wrote to memory of 2556	2056	0c37943af82f04489e170c9202204c30N.exe	29

C:\Users\Admin\AppData\Local\Temp\0c37943af82f04489e170c9202204c30N.exe
"C:\Users\Admin\AppData\Local\Temp\0c37943af82f04489e170c9202204c30N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe
  "C:\Users\Admin\AppData\Local\Temp\hcbnaf.exe"
  2⤵
  - Executes dropped EXE
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hcbnaf.exe

Filesize
55KB

MD5
941707d5e096380dcb4acbbabdcd779c

SHA1
a1469faeda83e3cdeb5f3982f6986e65f323bcb1

SHA256
718f3628cab4429bf436e404d61be745d17973cc974ba81518d61d4b5dfae0e0

SHA512
6d234705f1db7c50a11b5350e92483ef10cf1a0e9c5435a895bad6ad55d9674b41df65f7f945f400755c88378ca58c6fe07498fa680f6d7dd9c1917d305bae95

Download Submit
memory/2056-1-0x00000000001B0000-0x00000000001B6000-memory.dmp

Filesize
24KB

Download
memory/2556-8-0x0000000000230000-0x0000000000236000-memory.dmp

Filesize
24KB

Download