b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f

Analysis

max time kernel
120s
max time network
119s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20/07/2024, 07:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

696dc28f0674f41742355b3f2e167270N.exe
Size

39KB
MD5

696dc28f0674f41742355b3f2e167270
SHA1

8328d1843601bb6e4d44c70c7e156bd90f00913d
SHA256

b103827df422104e89b003c174c8442c879879b7ef886c943a3306b11f8d116f
SHA512

e544a7073a4df03b128c968d604f38774f67020a7f3921cf377ff4b3e5f2fdd05c9ccc5c3a764651480801d4eb4191a8f2eb3e2e58716bf9381d74cad4019971
SSDEEP

192:jEdMPnwR2bCL8KktnAs7lp1FHif+SjInE6rNr5TdWooAeXR/V49d444UefDSwpIX:jFPnwR2Ca1lpvH6dMtRe5/J0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2168	gert.exe

Loads dropped DLL 2 IoCs

pid	Process
1380	696dc28f0674f41742355b3f2e167270N.exe
1380	696dc28f0674f41742355b3f2e167270N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1380 wrote to memory of 2168	1380	696dc28f0674f41742355b3f2e167270N.exe	30
PID 1380 wrote to memory of 2168	1380	696dc28f0674f41742355b3f2e167270N.exe	30
PID 1380 wrote to memory of 2168	1380	696dc28f0674f41742355b3f2e167270N.exe	30
PID 1380 wrote to memory of 2168	1380	696dc28f0674f41742355b3f2e167270N.exe	30

C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe
"C:\Users\Admin\AppData\Local\Temp\696dc28f0674f41742355b3f2e167270N.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1380
- C:\Users\Admin\AppData\Local\Temp\gert.exe
  "C:\Users\Admin\AppData\Local\Temp\gert.exe"
  2⤵
  - Executes dropped EXE
  PID:2168

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\gert.exe

Filesize
39KB

MD5
e6d545d3fec7aa2ed39ad316e42e6950

SHA1
d09bbf30046083494d89c079f8ead2337afbc2d1

SHA256
40695e976d5185428f901f1aecaedc2387fa00d44d3432dd62b357c60146400d

SHA512
f769ef77ecbdd82f38739a1b8265534f6fff54e859d67a96e62038b95546953ef6c1a9c8536d442f153efe5af3957395b89b429b448db308c9bc5f83139cbc5d

Download Submit