4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14

Analysis

max time kernel
150s
max time network
151s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
09-07-2024 21:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe
Size

31KB
MD5

e3649b52b294a7b220054837f9238791
SHA1

e8ae545f9f603319a902d18293049b33975b600e
SHA256

4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14
SHA512

dee778cc16e7211e2ef304d7ebc100a9db1c14b1423e8fd6b1851ed78cf5b8db71494253309a2a538620644f6b4301fb5afa48ac14e9f1a30628aacd9aa8eef8
SSDEEP

768:gWFtq/S5ITXT5PZ3Hzpu9fWWq53E7YS9Vk:lq656PJpu9fWWq53Y9Vk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3048	flimgt.exe

Loads dropped DLL 1 IoCs

pid	Process
2328	4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2328 wrote to memory of 3048	2328	4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe	30
PID 2328 wrote to memory of 3048	2328	4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe	30
PID 2328 wrote to memory of 3048	2328	4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe	30
PID 2328 wrote to memory of 3048	2328	4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe	30

C:\Users\Admin\AppData\Local\Temp\4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe
"C:\Users\Admin\AppData\Local\Temp\4413df94cb12bac70a959bb5dbcb4fb4d60034d5e25c03832e5c6ca45972de14.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2328
- C:\Users\Admin\AppData\Local\Temp\flimgt.exe
  "C:\Users\Admin\AppData\Local\Temp\flimgt.exe"
  2⤵
  - Executes dropped EXE
  PID:3048

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\flimgt.exe

Filesize
31KB

MD5
5fe6f743d0a2c61a942fc2c53ccf27d2

SHA1
048ae570e6088185b1839d169a56c81289f1072a

SHA256
aa39269b3d1d4d34647bebb6cbdf24670a026cefe4f61c0963a09fa4b60204e5

SHA512
cdce379d968a734693e94da27089172aedc02adfdbfdc76834fdb7c0099f480f40e23cb8f1aa39b06e95d0f1cc2da569d570da783c5ed3c7fd5531a212d62e9a

Download Submit
memory/2328-0-0x0000000004000000-0x0000000004010000-memory.dmp

Filesize
64KB

Download