84a44aa633d6f7f1c0b4002a4fa09a67c2845c4e7ee0df1c71abc9ebb25c0e23

Analysis

max time kernel
108s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
16-07-2024 09:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

999a7f9b57952721241cb21beb9a6ae0N.exe
Size

20KB
MD5

999a7f9b57952721241cb21beb9a6ae0
SHA1

575175d41c87f7348251635b6d960940048977cf
SHA256

84a44aa633d6f7f1c0b4002a4fa09a67c2845c4e7ee0df1c71abc9ebb25c0e23
SHA512

da13c2d28031b996ccf3bf781db232d1d48873a3e39e4581ef4fe22c67c23c1fd07320eaacf4f5bd3bc2f8dfbf4dbacec37bb26df20ad15ff92d1719f98cd92f
SSDEEP

384:YpIT5mv2W8EfxKOx0hyWQ9Xc0TSj50ZLuKHuo:Y85mv2WHEOx0hyWQIULuKOo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2312	zuty.exe

Loads dropped DLL 1 IoCs

pid	Process
2136	999a7f9b57952721241cb21beb9a6ae0N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2312	2136	999a7f9b57952721241cb21beb9a6ae0N.exe	30
PID 2136 wrote to memory of 2312	2136	999a7f9b57952721241cb21beb9a6ae0N.exe	30
PID 2136 wrote to memory of 2312	2136	999a7f9b57952721241cb21beb9a6ae0N.exe	30
PID 2136 wrote to memory of 2312	2136	999a7f9b57952721241cb21beb9a6ae0N.exe	30

C:\Users\Admin\AppData\Local\Temp\999a7f9b57952721241cb21beb9a6ae0N.exe
"C:\Users\Admin\AppData\Local\Temp\999a7f9b57952721241cb21beb9a6ae0N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2136
- C:\Users\Admin\AppData\Local\Temp\zuty.exe
  "C:\Users\Admin\AppData\Local\Temp\zuty.exe"
  2⤵
  - Executes dropped EXE
  PID:2312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\zuty.exe

Filesize
20KB

MD5
2c9199baa057e9a6b3a000637a70adbc

SHA1
cf843ccbe1a2d4d903cf29e91b2b4f0cdb51bbb9

SHA256
fbfe379be3a9665a6574d97460600d090c335dad6390269f98d095a463c72152

SHA512
0ebd8bb117112e4286bf4e766d18d0c46560aa3b2951a2a3d214ce89342c76771c7c72415406296fc3d1a7be4f6de7d5d26be79174786b008008a1d6ed459bcf

Download Submit
memory/2136-1-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2312-8-0x0000000000400000-0x0000000000406000-memory.dmp

Filesize
24KB

Download