437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240705-en
resource tags

arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
submitted
22/07/2024, 20:50

Target

437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
Size

208KB
MD5

6dff8989a1d2d5ad484186f84c8c105e
SHA1

9880727335a963849d6bb7ed0d082be3e45296d6
SHA256

437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296
SHA512

f31a528f02ebad2eb4db37510e369f3cbed7a87a7543f8c204af65f54440ff7ed062c5edabbfc9e7c0621ac8248eebdd67c1034f7141b97b2eb56be9d3a238cc
SSDEEP

3072:PGXfAoDm58xr9uRDdxJaXN0AGZlNXPngEodk68bR+xx394NLthEjQT67:PGPAoC8xrsJZAGPNXPg/ibcx39QEj9

Score

7^/10

Executes dropped EXE 1 IoCs

pid	Process
3044	DDON.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File created	C:\windows\DDON.exe	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
File opened for modification	C:\windows\DDON.exe	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
File created	C:\windows\DDON.exe.bat	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
3044	DDON.exe
3044	DDON.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe
3044	DDON.exe
3044	DDON.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2676 wrote to memory of 2652	2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe	30
PID 2676 wrote to memory of 2652	2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe	30
PID 2676 wrote to memory of 2652	2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe	30
PID 2676 wrote to memory of 2652	2676	437d1045e811737dc7da8fa6a8d660d02a96fc3b6f5f12ece5f68a9b1f993296.exe	30
PID 2652 wrote to memory of 3044	2652	cmd.exe	32
PID 2652 wrote to memory of 3044	2652	cmd.exe	32
PID 2652 wrote to memory of 3044	2652	cmd.exe	32
PID 2652 wrote to memory of 3044	2652	cmd.exe	32

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Windows\DDON.exe.bat

Filesize
54B

MD5
38b8b0e5ba4ebd82213f5b2bb6deeacb

SHA1
6d9901228df7569a13acac0199129d520210cea6

SHA256
b588d462779a91e12dfe6185ae21b61a73ae556a724a86f3ac220cddb86a7b74

SHA512
42cc984361a408aaf6dc1a93e6c9334e009f9925caca35840b96a6d4addbd005220d6fabc8a16361863cc2c6edf13be6ef64d47a0d8e4f7284fd7da8e9dbce88

Download Submit
C:\windows\DDON.exe

Filesize
208KB

MD5
8fbc4670087be2a3d9493ec129a02c1f

SHA1
71a6d990fc7ba90a298056cca40ee351aa89d4d1

SHA256
32f49a808347de934f978f422a984a959e937f63547464af7be7dbdc52489369

SHA512
38f3bfc393f5064e2eb6792b0bb361727b83341b89eb3ac1964858d28f337c125c4c7475a89a9d9f912677569af404f720859b3efe7edba487488225b7122276

Download Submit
memory/2652-15-0x0000000000370000-0x00000000003A8000-memory.dmp

Filesize
224KB

Download
memory/2652-16-0x0000000000370000-0x00000000003A8000-memory.dmp

Filesize
224KB

Download
memory/2676-0-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/2676-12-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3044-18-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/3044-19-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download