61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26

Analysis

max time kernel
146s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
09/07/2024, 01:24

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe
Size

1.0MB
MD5

466218eb5002bb95001c41e359ff1586
SHA1

42f462649ef0b5cfa113e17edad5a50568920a40
SHA256

61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26
SHA512

9396de416d5326f970d97d323a5fbe04d212aa6fd423be455a5d362763af65b2e215473e58923cfcdf9ee829c10b54bcf16a53d8520d7f353607c9bcb8558bf2
SSDEEP

24576:YMwfvDLyhvKo43uxAFf8FrXHt1pUiwHvbCXiDmSY9YwPvTDW:YMw3DeC93IA+Ht1yie9o+

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe
3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe
3172	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3268 set thread context of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe

Suspicious use of WriteProcessMemory 5 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85
PID 3268 wrote to memory of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85
PID 3268 wrote to memory of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85
PID 3268 wrote to memory of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85
PID 3268 wrote to memory of 3172	3268	61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe	85

C:\Users\Admin\AppData\Local\Temp\61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe
"C:\Users\Admin\AppData\Local\Temp\61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Users\Admin\AppData\Local\Temp\61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe
  "C:\Users\Admin\AppData\Local\Temp\61409a4177dc793ba250ce512a4c5fca55c56b2fa29b4da5a68ae2f771cb4b26.exe"
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:3172

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi74D3.tmp\System.dll

Filesize
12KB

MD5
6e55a6e7c3fdbd244042eb15cb1ec739

SHA1
070ea80e2192abc42f358d47b276990b5fa285a9

SHA256
acf90ab6f4edc687e94aaf604d05e16e6cfb5e35873783b50c66f307a35c6506

SHA512
2d504b74da38edc967e3859733a2a9cacd885db82f0ca69bfb66872e882707314c54238344d45945dc98bae85772aceef71a741787922d640627d3c8ae8f1c35

Download Submit
memory/3172-23-0x0000000077A88000-0x0000000077A89000-memory.dmp

Filesize
4KB

Download
memory/3172-24-0x0000000077AA5000-0x0000000077AA6000-memory.dmp

Filesize
4KB

Download
memory/3172-25-0x00000000004B0000-0x0000000001704000-memory.dmp

Filesize
18.3MB

Download
memory/3172-27-0x0000000077A01000-0x0000000077B21000-memory.dmp

Filesize
1.1MB

Download
memory/3268-21-0x0000000077A01000-0x0000000077B21000-memory.dmp

Filesize
1.1MB

Download
memory/3268-22-0x0000000074865000-0x0000000074866000-memory.dmp

Filesize
4KB

Download