747e7d0915d7860e3e37c26f0c9932249b7446412c0bcf68c9d54784a8b836f9

Analysis

max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 01:25

Target

OpenMe.exe
Size

21.3MB
MD5

6846908b223e58f24f7e224d9d402225
SHA1

7fde424cacf6c5766db7d24dc5e03ecfd2898d15
SHA256

55d8eee45262b53bef2f2391a01b723e019b95e87145d32fb18fce3eb9063cfd
SHA512

156436f2e45b7e01d5cc52ef283ae155f694fdc1babdf06f77a1c0e43532ec2d436e30a520cf05817804b99525fcc349af6d37b8800e207485001bff7ed2b0ae
SSDEEP

393216:2itMU6rX/ULYPDFYN4OgVKikmWekMIqS3r+6qhFsbo:2icX/Uo5YN4OakmWekMKr+6cqbo

Score

5^/10

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2556	OpenMe.exe
2556	OpenMe.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2556	OpenMe.exe
2556	OpenMe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 2292	2556	OpenMe.exe	30
PID 2556 wrote to memory of 2292	2556	OpenMe.exe	30
PID 2556 wrote to memory of 2292	2556	OpenMe.exe	30
PID 2556 wrote to memory of 2292	2556	OpenMe.exe	30

C:\Users\Admin\AppData\Local\Temp\OpenMe.exe
"C:\Users\Admin\AppData\Local\Temp\OpenMe.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\boostbot.exe
  "C:\Users\Admin\AppData\Local\Temp\boostbot.exe"
  2⤵
  PID:2292

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

memory/2556-0-0x000000014000D000-0x0000000140EEF000-memory.dmp

Filesize
14.9MB

Download
memory/2556-10-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2556-8-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2556-6-0x00000000772C0000-0x00000000772C2000-memory.dmp

Filesize
8KB

Download
memory/2556-5-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2556-3-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2556-1-0x00000000772B0000-0x00000000772B2000-memory.dmp

Filesize
8KB

Download
memory/2556-11-0x0000000140000000-0x0000000142438000-memory.dmp

Filesize
36.2MB

Download
memory/2556-13-0x0000000140000000-0x0000000142438000-memory.dmp

Filesize
36.2MB

Download
memory/2556-14-0x0000000140000000-0x0000000142438000-memory.dmp

Filesize
36.2MB

Download
memory/2556-15-0x000000014000D000-0x0000000140EEF000-memory.dmp

Filesize
14.9MB

Download
memory/2556-18-0x000000014000D000-0x0000000140EEF000-memory.dmp

Filesize
14.9MB

Download
memory/2556-19-0x0000000140000000-0x0000000142438000-memory.dmp

Filesize
36.2MB

Download