Analysis
-
max time kernel
109s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240704-en -
resource tags
arch:x64 arch:x86 image:win7-20240704-en locale:en-us os:windows7-x64 system
-
submitted
16-07-2024 01:29
Static task
static1
Behavioral task
behavioral1
Sample
4628316fcccf9a8567590cff34420ee0N.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
4628316fcccf9a8567590cff34420ee0N.exe
Resource
win10v2004-20240709-en
General
-
Target
4628316fcccf9a8567590cff34420ee0N.exe
-
Size
69KB
-
MD5
4628316fcccf9a8567590cff34420ee0
-
SHA1
652a69689346ac8feb70a424d043f747a6a3a88b
-
SHA256
c4cc9e1d194c804980296b8bba91423ced2408ff9543e91bf0dd0a4a1877c339
-
SHA512
8529ad2432a6d048ece419431fab2f2e7ad846004407276996bdd68c243eed333ce4cf24bc8212e820b187aab3c0ce39174fe887e75ad9c63c5e81c467311e77
-
SSDEEP
768:7I4DD+LzjPsED3VK2+ZtyOjgO4r9vFAg2rqnpd2GRqDK42rAIX:71DD+LzjYTjipvF2zW1X
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
pid | Process
1320 | fahik.exe
-
Loads dropped DLL 2 IoCs
pid | Process
1660 | 4628316fcccf9a8567590cff34420ee0N.exe
1660 | 4628316fcccf9a8567590cff34420ee0N.exe
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 4 IoCs
description | pid | Process | procid_target
PID 1660 wrote to memory of 1320 | 1660 | 4628316fcccf9a8567590cff34420ee0N.exe | 28
PID 1660 wrote to memory of 1320 | 1660 | 4628316fcccf9a8567590cff34420ee0N.exe | 28
PID 1660 wrote to memory of 1320 | 1660 | 4628316fcccf9a8567590cff34420ee0N.exe | 28
PID 1660 wrote to memory of 1320 | 1660 | 4628316fcccf9a8567590cff34420ee0N.exe | 28
Processes
-
C:\Users\Admin\AppData\Local\Temp\4628316fcccf9a8567590cff34420ee0N.exe "C:\Users\Admin\AppData\Local\Temp\4628316fcccf9a8567590cff34420ee0N.exe" 1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1660 -
C:\Users\Admin\AppData\Local\Temp\fahik.exe "C:\Users\Admin\AppData\Local\Temp\fahik.exe" 2⤵
- Executes dropped EXE
PID:1320
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
69KB
MD5 1f2623cb6254b14a83b68edfb66b3106
SHA1 f54bd914f05fc58aa301f87731e262c71970b184
SHA256 484dade7d9ee51774a55aeca7e7821eb5de7a27db889b655be85ceea7ea28c25
SHA512 bcecfc1a16e81246ba7a43ebbac01da8b42f68ee971d96651d1f8d63fadd065e4b29551d5f6c5046b251e496cfce2e72585262bc9b8637d8ced3602ebecab63f