48f7fbe3cb26ad15725dea3facde3fd49e0708c59e35a0752bf7dc39a84ea4ce

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
23/08/2024, 21:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

5.3MB
MD5

8106fe1bba482da9cf1436a1fac73230
SHA1

2eea03f71155c437875d00a9c8de052689dcb824
SHA256

c5e0a4e8bcb73aa7b6da814ac986d07836f87aa70af84620087eaa8ccb680ff7
SHA512

a98e7452ecbf0a4493da4d471b719f5c2e88d0526a9b1a9ac7ed3eda1c131401184c425f3b858d588e2b75d5747e47671e7a4d2f04c8071d847f9721dc19bdad
SSDEEP

98304:9QROUfH/3HV6K1eiTzW2H0P2U9HenTueByxs0oahbG6IfDMMllqg7:9QvfflRLUPBenTuMyxs0oejIfDMgln7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	loader.exe

Loads dropped DLL 2 IoCs

pid	Process
1148	loader.exe
2984	loader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1148 wrote to memory of 2984	1148	loader.exe	29
PID 1148 wrote to memory of 2984	1148	loader.exe	29
PID 1148 wrote to memory of 2984	1148	loader.exe	29

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1148
- C:\Users\Admin\AppData\Local\Temp\onefile_1148_133689236175440000\loader.exe
  "C:\Users\Admin\AppData\Local\Temp\loader.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1148_133689236175440000\python311.dll

Filesize
5.5MB

MD5
9a24c8c35e4ac4b1597124c1dcbebe0f

SHA1
f59782a4923a30118b97e01a7f8db69b92d8382a

SHA256
a0cf640e756875c25c12b4a38ba5f2772e8e512036e2ac59eb8567bf05ffbfb7

SHA512
9d9336bf1f0d3bc9ce4a636a5f4e52c5f9487f51f00614fc4a34854a315ce7ea8be328153812dbd67c45c75001818fa63317eba15a6c9a024fa9f2cab163165b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1148_133689236175440000\loader.exe

Filesize
8.5MB

MD5
25c312f4da3222a68d209c91945adda8

SHA1
25cfa08c17e2c97e61bd4819a3f4aac03f80ddf5

SHA256
1fb6e99be149836379a93738c525c809cd30bda46330a49a3601c8e9b3372aba

SHA512
aba55518bedda5bdec190635e100ef1cea6e9823ff0ecfbad742aa603270e4da39e2a1fe8df3beebcc633b362d0c61738bcf5003a6145fd5d68f5e2313df5382

Download Submit