Overview

overview

10

Static

static

3

aaa.iso

windows7-x64

3

aaa.iso

windows10-1703-x64

3

out.iso

windows7-x64

1

out.iso

windows10-1703-x64

1

6438/8157.cmd

windows7-x64

7

6438/8157.cmd

windows10-1703-x64

7

6438/plugged.dll

windows7-x64

10

6438/plugged.dll

windows10-1703-x64

10

Overdue.lnk

windows7-x64

1

Overdue.lnk

windows10-1703-x64

3

Analysis

  • max time kernel
    133s
  • max time network
    135s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    03-08-2024 11:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    6438/8157.cmd

  • Size

    275B

  • MD5

    533d29a067a011b9115e4fcbc94305d7

  • SHA1

    1ff3aa4f90e4933ebfe20e1398dc22ecf8a2e771

  • SHA256

    7bad03aef5b3d3c66dd5a4ed8a82d18643e90536b963e0711611e3266f24d054

  • SHA512

    01d8fc83062dd83e15d3345e2463c6161c052e50a9cfe416de0f7ed569cc02cd63c091f5537ad0ceedf7414cad74ccbd96ab732587b873dd7152c6faadaf5d00

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

    discovery
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\6438\8157.cmd"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3376
    • C:\Windows\system32\PING.EXE
      ping 127.0.0.1
      2⤵
      • System Network Configuration Discovery: Internet Connection Discovery
      • Runs ping.exe
      PID:3272
    • \??\c:\users\public\re.exe
      c:\\users\\public\\re.exe 6438\plugged.dat
      2⤵
      • Executes dropped EXE
      PID:352

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Public\re.exe
    Filesize

    23KB

    MD5

    a8819a40562f8afe1ea5a24d4fafea5d

    SHA1

    c5da393b44176770471a8d6b9324eb387046f52b

    SHA256

    cec94c3829884bdf1d35ea3e02988c748c0f6881819719242605e3c5f531fffc

    SHA512

    a4673f9ab8017277723a5486f15da54e6d7a025f0e0eff9355ceb72bde151054ee299af4fb83a3ebe01dba3db3f56abee3a13854a2272099b6f263fb118dab19

    Download Submit