9ba9a39ad8ed330988e8a2efa6d3c1bab21bccbf55ddc03bb1805608afb95d30

Analysis

max time kernel
117s
max time network
117s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 16:55

Target

ed0a7b6ad920278967cd2391e2b25240N.exe
Size

165KB
MD5

ed0a7b6ad920278967cd2391e2b25240
SHA1

394e87f156142881c1f2f6dbaa1dd1b735e54c84
SHA256

9ba9a39ad8ed330988e8a2efa6d3c1bab21bccbf55ddc03bb1805608afb95d30
SHA512

b23116186e89dd644d67821fcb3c8876bd71b70bb1469130f429240307814340465571264c6c1a96679eb784a4cdc6ee6d417e470b3207a84f36484947d78748
SSDEEP

3072:e4HCWau/PlYeuL7ZLFh6Ca6cbL9l2hzB3fJCC6j8+Er6ez4:tiI/PlY37ZLF4Ca6WABqBOvs

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2276	ins1539.exe

Loads dropped DLL 4 IoCs

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2276	ins1539.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2276	ins1539.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2276	ins1539.exe
2276	ins1539.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31
PID 1736 wrote to memory of 2276	1736	ed0a7b6ad920278967cd2391e2b25240N.exe	31

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

\Users\Admin\AppData\Local\Temp\ins1539\ins1539.exe

Filesize
257KB

MD5
ae117f47bd80e5dcf72cf81347fceb73

SHA1
1cd3e4c5fc9fb317b7a8eae6c94d53078800b635

SHA256
49b0ec8a4000cb30f15b318bef4b6f59be2d0f7365be4c4b2b4fd5607e16e23c

SHA512
72d322ec9b13e9ede1967707129f2941328ec75487aa5ea205eab0780ef26c33f253204ce08932052a6ed19d13bd62e68b4f795ef17717b9f31e5a76a9f0c16f

Download Submit
memory/1736-0-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/1736-6-0x0000000000850000-0x0000000000860000-memory.dmp

Filesize
64KB

Download
memory/1736-22-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/1736-24-0x0000000000400000-0x000000000047C000-memory.dmp

Filesize
496KB

Download
memory/2276-17-0x0000000074211000-0x0000000074212000-memory.dmp

Filesize
4KB

Download
memory/2276-18-0x0000000074210000-0x00000000747BB000-memory.dmp

Filesize
5.7MB

Download
memory/2276-19-0x0000000074210000-0x00000000747BB000-memory.dmp

Filesize
5.7MB

Download
memory/2276-20-0x0000000074210000-0x00000000747BB000-memory.dmp

Filesize
5.7MB

Download
memory/2276-21-0x0000000074210000-0x00000000747BB000-memory.dmp

Filesize
5.7MB

Download
memory/2276-23-0x0000000074210000-0x00000000747BB000-memory.dmp

Filesize
5.7MB

Download