a1ff018ae5d8043a43c6323154e89fcbe1d725c87ba1f3e3cb393047e6b4ab38

Analysis

max time kernel
14s
max time network
19s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
07-09-2024 17:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0af9996389089ed5a37dffb20115d660N.exe
Size

2.0MB
MD5

0af9996389089ed5a37dffb20115d660
SHA1

923d23a18eb0f494afff8f42025ef62c01d8e16c
SHA256

a1ff018ae5d8043a43c6323154e89fcbe1d725c87ba1f3e3cb393047e6b4ab38
SHA512

d9a1a8df24ff3c246a7f20d37ec131692ad6a0acee01d056547e98188dd0c50b4f3eabc94fcc010ae2887daf641b179b36289cd3ee6633078abbad3d39de2159
SSDEEP

49152:fxTeZUleSs7Z/n6a96iOtgdtvQuIDZOK7c7GY0wWqDqT9K:JleSsRn6c6PU5QuIDc7PrWqDqT9K

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2836	StartAllBackCfg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\0af9996389089ed5a37dffb20115d660N.exe
"C:\Users\Admin\AppData\Local\Temp\0af9996389089ed5a37dffb20115d660N.exe"
1⤵
PID:2052
- C:\Users\Admin\AppData\Local\Temp\SIBSFX.85611804\StartAllBackCfg.exe
  "C:\Users\Admin\AppData\Local\Temp\SIBSFX.85611804\StartAllBackCfg.exe" /install
  2⤵
  - Executes dropped EXE
  PID:2836

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SIBSFX.85611804\StartAllBackCfg.exe

Filesize
3.3MB

MD5
a5a2ca9c49f16a184875ba09b3e08b60

SHA1
4647fa230691e8a38486cb209b713c4684b28772

SHA256
82ed0eb734ea86b1e5feec0507e49cbb6a60db7fae16777e79891738de4cd0a2

SHA512
978cce9afd541deae76f1c3a793fbd75ec5c871dd90b9f26a8e2a517cf1e453a86e7976d02408735a6bcb2a726e25bb52048444e23edafe583bb147ce18e6881

Download Submit
memory/2052-64-0x0000000001C30000-0x0000000001C31000-memory.dmp

Filesize
4KB

Download
memory/2052-127-0x0000000001C30000-0x0000000001C31000-memory.dmp

Filesize
4KB

Download