b5e52f1b657eb62399ef9c28ac8d07dbec441c9850f61f0500437189501b0085

Analysis

max time kernel
14s
max time network
16s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 07:46

Target

8d84650f420e968e331cd17d1ad0ab60N.exe
Size

208KB
MD5

8d84650f420e968e331cd17d1ad0ab60
SHA1

eb432a068ee80a1d32bde0977037a6102a53502b
SHA256

b5e52f1b657eb62399ef9c28ac8d07dbec441c9850f61f0500437189501b0085
SHA512

f3fb8cc98ad5d818bd4ecb73100b3f9290ce95979c3c4dfd4badf6cf234fcbef46b163b0443497d87a307c07ead7d0dead54f91146e1691f651c6ec27ea50a88
SSDEEP

3072:RhWzi7s/Jkug/mBHRasC7KY11IW20ALoE5NPp5+T2WM/+74NLthEjQT6:RhYSJ/mlMXKY11hxE5Bp5+aWBQEj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2140	UDNL.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\windows\UDNL.exe	8d84650f420e968e331cd17d1ad0ab60N.exe
File opened for modification	C:\windows\UDNL.exe	8d84650f420e968e331cd17d1ad0ab60N.exe
File created	C:\windows\UDNL.exe.bat	8d84650f420e968e331cd17d1ad0ab60N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2996 wrote to memory of 820	2996	8d84650f420e968e331cd17d1ad0ab60N.exe	31
PID 2996 wrote to memory of 820	2996	8d84650f420e968e331cd17d1ad0ab60N.exe	31
PID 2996 wrote to memory of 820	2996	8d84650f420e968e331cd17d1ad0ab60N.exe	31
PID 2996 wrote to memory of 820	2996	8d84650f420e968e331cd17d1ad0ab60N.exe	31
PID 820 wrote to memory of 2140	820	cmd.exe	33
PID 820 wrote to memory of 2140	820	cmd.exe	33
PID 820 wrote to memory of 2140	820	cmd.exe	33
PID 820 wrote to memory of 2140	820	cmd.exe	33

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\UDNL.exe

Filesize
208KB

MD5
42dd8b2250672bea591aae763738a40e

SHA1
933ae0228baa280437bfa2a7eacadcc7090c84f9

SHA256
1270955eff859a7423e410a385bfcdd2f1673f2aa2dac245ddefba3637c69332

SHA512
f0788ba25a3d6b8bd5fd838e7a868f2860a66592bd40cd825b9c3eb1afc3444b3f52b1b2e5b07cdf4417272a33adeacb3e0bc9731ecda99c9a052c2040870668

Download Submit
C:\Windows\UDNL.exe.bat

Filesize
54B

MD5
5de0f301f4a53cd4782a99b6278b8b64

SHA1
44be76715c3f4996ad4816c9161b5b0b1391b45d

SHA256
cb3e7a941006f935d9731f83451666c3967549dc38435a4ad531da95b653a35b

SHA512
270316fe344b3c6b85f22e410f8f487fdb94e85cfbcf7781557b8bf7d8de69c9269c190e3eaceadfe7b5e6ba4eb88ec840b4b5dfcf9047ded47efecc56ef6b78

Download Submit
memory/820-16-0x0000000000130000-0x0000000000168000-memory.dmp

Filesize
224KB

Download
memory/820-15-0x0000000000130000-0x0000000000168000-memory.dmp

Filesize
224KB

Download
memory/2140-18-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2140-19-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2996-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2996-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download