88c1b0cd97bad80a516aa2ee8e45753a69e2b791aca7f665f32bd6b5c38db1b5

Resubmissions

25-08-2024 20:46

240825-zkkanstgqe 10

25-08-2024 20:43

240825-zhyqaavhpr 8

Analysis

max time kernel
11s
max time network
18s
platform
windows7_x64
resource
win7-20240704-en
resource tags

arch:x64arch:x86image:win7-20240704-enlocale:en-usos:windows7-x64system
submitted
25-08-2024 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TMP48CC.exe
Size

10.6MB
MD5

f7a5f232f46b726be8c59c12292fe6ad
SHA1

0a258a105aa343dee4ee96fdb8d8c13f67f83969
SHA256

88c1b0cd97bad80a516aa2ee8e45753a69e2b791aca7f665f32bd6b5c38db1b5
SHA512

243a83037e96c4f56e6def22697075122ccf02bac33291501484209b2319c8bc5690002c48e176d567147d135f698394f4ad7c9468068fe08ba54098385ab420
SSDEEP

196608:9iKqc9NYeYcWuB8KIuW4Drp0dhCed8s4VNvLRMQ3aRmf:Wc9XTWuN/qdcFj7jt3V

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2640	ven.exe

Loads dropped DLL 2 IoCs

pid	Process
2256	TMP48CC.exe
2640	ven.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2640	2256	TMP48CC.exe	31
PID 2256 wrote to memory of 2640	2256	TMP48CC.exe	31
PID 2256 wrote to memory of 2640	2256	TMP48CC.exe	31

C:\Users\Admin\AppData\Local\Temp\TMP48CC.exe
"C:\Users\Admin\AppData\Local\Temp\TMP48CC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Users\Admin\AppData\Local\Temp\onefile_2256_133690922460410000\ven.exe
  "C:\Users\Admin\AppData\Local\Temp\TMP48CC.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2640

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2256_133690922460410000\python311.dll

Filesize
5.5MB

MD5
5a5dd7cad8028097842b0afef45bfbcf

SHA1
e247a2e460687c607253949c52ae2801ff35dc4a

SHA256
a811c7516f531f1515d10743ae78004dd627eba0dc2d3bc0d2e033b2722043ce

SHA512
e6268e4fad2ce3ef16b68298a57498e16f0262bf3531539ad013a66f72df471569f94c6fcc48154b7c3049a3ad15cbfcbb6345dacb4f4ed7d528c74d589c9858

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2256_133690922460410000\ven.exe

Filesize
16.2MB

MD5
7f21a199ef3defc11342909ac0a1d1f7

SHA1
cc4563c8e1c84b12348eefe709be9c01f463ab47

SHA256
ece53aef699943c5de4d63b5f1b715578d1e62e0156aa888e63aafd4e1f81753

SHA512
ef768ccbba590ee03a3bb11f13fc78bc3e0291e048dad25f4a40d77a2aaa0138d2de6cb4872aae98e612525a406ccf718d48644251e747a28dfc71013052597c

Download Submit