29001129136619672260f2b543a7effc54385c41f10b942c8ba90768d34696ca

Analysis

max time kernel
119s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
21/07/2024, 04:52

Target

6addcb901f0f13cdd57f54936d098840N.exe
Size

208KB
MD5

6addcb901f0f13cdd57f54936d098840
SHA1

8f8d36a26d9b0adc41b85eacf45f2b6f9ff1d6a8
SHA256

29001129136619672260f2b543a7effc54385c41f10b942c8ba90768d34696ca
SHA512

5319adc9f449212a3730fd88ec4accc2cd1530201c43ff32f58e6c1ad29a2ddf24455b905e90bc641eadc0f90ebb33fdae2a4ce01a7e424fc69d50e86f5cce77
SSDEEP

3072:4D5iHYTFUVJthlZ+/vhu5hOfHByy0H3pAmBsw29d6rLrLedX28ids7Q+BmaSfu48:J4TFPvByyTmOH/l28iKlgvfuQEj

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
2756	VSURUSH.exe

Loads dropped DLL 2 IoCs

pid	Process
2804	cmd.exe
2804	cmd.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\windows\system\VSURUSH.exe	6addcb901f0f13cdd57f54936d098840N.exe
File opened for modification	C:\windows\system\VSURUSH.exe	6addcb901f0f13cdd57f54936d098840N.exe
File created	C:\windows\system\VSURUSH.exe.bat	6addcb901f0f13cdd57f54936d098840N.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

Suspicious use of SetWindowsHookEx 4 IoCs

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 2804	2200	6addcb901f0f13cdd57f54936d098840N.exe	30
PID 2200 wrote to memory of 2804	2200	6addcb901f0f13cdd57f54936d098840N.exe	30
PID 2200 wrote to memory of 2804	2200	6addcb901f0f13cdd57f54936d098840N.exe	30
PID 2200 wrote to memory of 2804	2200	6addcb901f0f13cdd57f54936d098840N.exe	30
PID 2804 wrote to memory of 2756	2804	cmd.exe	32
PID 2804 wrote to memory of 2756	2804	cmd.exe	32
PID 2804 wrote to memory of 2756	2804	cmd.exe	32
PID 2804 wrote to memory of 2756	2804	cmd.exe	32

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\system\VSURUSH.exe.bat

Filesize
74B

MD5
32e849ea59fd62ccea19041f2f867cfe

SHA1
fdc01902f6d32fa2bb9a8ea08c610d2fdccb7711

SHA256
eecd514d1ec644348f22e30d8884018632efe5857d714d86756880512f9806d8

SHA512
6cfbf1b6ffd8d364a903d64847dda5ae0d1e869f853abcf9d27db26995506025d6942504826b9cc98433a4a1558213fc37874429cfd6e9e3e8cf639ee30ff3d3

Download Submit
C:\windows\system\VSURUSH.exe

Filesize
208KB

MD5
9dfecbe179eb2313677a3e21c2a4c5f8

SHA1
52db065da4253161f59fedadbd461181a48c5015

SHA256
e432f5bfe0641accd80690bed9792786d34c5ecb5565ba98ea7162f15103f37f

SHA512
c821e0651eea6f02db1cd21316c2667dab780c6fc09a1332b86cfbaac8ef1df1172c453a3f8472e2a78a5344ae0827bddee7157d877e56599ce3b4c2b5927ce2

Download Submit
memory/2200-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2200-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2756-21-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2756-22-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2804-20-0x0000000001FE0000-0x0000000002018000-memory.dmp

Filesize
224KB

Download
memory/2804-18-0x0000000001FE0000-0x0000000002018000-memory.dmp

Filesize
224KB

Download
memory/2804-17-0x0000000001FE0000-0x0000000002018000-memory.dmp

Filesize
224KB

Download