e0e36acbafc3f405801263aeb1e2a794ea58d7035b6f19e33c93b9cb476b4cfd

Analysis

max time kernel
110s
max time network
121s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
13/07/2024, 02:17

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

30c6d095e8476812744837ea8cad1080N.exe
Size

22KB
MD5

30c6d095e8476812744837ea8cad1080
SHA1

24d3a5f9e5fb129c8c2f0bbbf802feb022a2a4d3
SHA256

e0e36acbafc3f405801263aeb1e2a794ea58d7035b6f19e33c93b9cb476b4cfd
SHA512

e64e41e19c567b7853fa980496957e0f87cc3fbd3cc3186a5f51f00ec9720de43c8b0cf94be3200f8f55abf6ba8924c836caa1f6428e9fca56f1fb279377d28b
SSDEEP

384:OI8Qo7M2D9jCrBQ1+DdYAS+qA3IvNPcix4Y2wpF7vvxlLV51T8FIpEL:OI8R7My92yGBS+qAYvNU+4Y2w37DJIFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2556	hhcbrnaff.exe

Loads dropped DLL 1 IoCs

pid	Process
2360	30c6d095e8476812744837ea8cad1080N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 2556	2360	30c6d095e8476812744837ea8cad1080N.exe	30
PID 2360 wrote to memory of 2556	2360	30c6d095e8476812744837ea8cad1080N.exe	30
PID 2360 wrote to memory of 2556	2360	30c6d095e8476812744837ea8cad1080N.exe	30
PID 2360 wrote to memory of 2556	2360	30c6d095e8476812744837ea8cad1080N.exe	30

C:\Users\Admin\AppData\Local\Temp\30c6d095e8476812744837ea8cad1080N.exe
"C:\Users\Admin\AppData\Local\Temp\30c6d095e8476812744837ea8cad1080N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe
  "C:\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe"
  2⤵
  - Executes dropped EXE
  PID:2556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\hhcbrnaff.exe

Filesize
22KB

MD5
0fba146edba8ea0ff42ee02debe4e8ac

SHA1
c0296a35e80b3739ccc48b3948d287bc761f6129

SHA256
95240e69b6ceb5b1a688d43f04a7c8de19dfde5017e367e6b94b5f7d6844880f

SHA512
039f1d7b4ef951d4a8501c62929044e247a5ebdd2758abefd9795cf33531166f80e0cf1123b14199b1d13ed7a743fb55cba49e8a5850ac87fc66a7ca423b4b65

Download Submit
memory/2360-0-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2360-1-0x0000000002AD0000-0x0000000002AD1000-memory.dmp

Filesize
4KB

Download
memory/2360-3-0x0000000002AE0000-0x0000000002EE0000-memory.dmp

Filesize
4.0MB

Download
memory/2360-10-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2556-11-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download
memory/2556-14-0x0000000002B70000-0x0000000002F70000-memory.dmp

Filesize
4.0MB

Download
memory/2556-13-0x0000000002B60000-0x0000000002B61000-memory.dmp

Filesize
4KB

Download
memory/2556-15-0x0000000000400000-0x0000000000410000-memory.dmp

Filesize
64KB

Download