624fbe10d9b7f2438611e433609b7f6a2acd0d04a70d85516505c5777673dd38

Analysis

max time kernel
15s
max time network
17s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
09/09/2024, 21:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Easy Gen.exe
Size

25.2MB
MD5

0fcc3b12a16285b7c7c2c98c508ff018
SHA1

83b27701d035e2ac7dd9de5936cd0e3044a43825
SHA256

624fbe10d9b7f2438611e433609b7f6a2acd0d04a70d85516505c5777673dd38
SHA512

ae12db702e2e89fa4122e3775ade06887ceacf0253a2a0e1ef27d11d3cda821052be8406da43943eac26f34311eaef61314912bfc85eeb2e99ed2863ab5000cb
SSDEEP

393216:Z+upWNj1zz4VrOYwuDOC5qupT1Gcc18Yg6LTDwbI+0sVSJfSKLOAVDbhFsbzVE:ZQR4VPwKOcc18+UI+0s8BFOAVLs9E

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	main.exe

Loads dropped DLL 2 IoCs

pid	Process
2444	Easy Gen.exe
2648	main.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2444 wrote to memory of 2648	2444	Easy Gen.exe	30
PID 2444 wrote to memory of 2648	2444	Easy Gen.exe	30
PID 2444 wrote to memory of 2648	2444	Easy Gen.exe	30

C:\Users\Admin\AppData\Local\Temp\Easy Gen.exe
"C:\Users\Admin\AppData\Local\Temp\Easy Gen.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2444
- C:\Users\Admin\AppData\Local\Temp\onefile_2444_133703919185864000\main.exe
  "C:\Users\Admin\AppData\Local\Temp\Easy Gen.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2444_133703919185864000\python310.dll

Filesize
4.3MB

MD5
63a1fa9259a35eaeac04174cecb90048

SHA1
0dc0c91bcd6f69b80dcdd7e4020365dd7853885a

SHA256
14b06796f288bc6599e458fb23a944ab0c843e9868058f02a91d4606533505ed

SHA512
896caa053f48b1e4102e0f41a7d13d932a746eea69a894ae564ef5a84ef50890514deca6496e915aae40a500955220dbc1b1016fe0b8bcdde0ad81b2917dea8b

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2444_133703919185864000\main.exe

Filesize
22.8MB

MD5
4050eef19ecffb75f91868f02221bfaa

SHA1
09f6a72f2d715e4acb03f0b511d041f18387e6f6

SHA256
5d6756ba93538a33d070b8ed67f9c9414edf98f87882481a99e3b27b3d405609

SHA512
1d35aaef8fe7df29fed7ebfc87c43f69a89dccfbfe18392fe6805cf96611f95c11f5fca4c6eb4ce616f14103d02c17a354638a4362c0ec507330356eab769695

Download Submit
memory/2444-215-0x000000013F220000-0x0000000140B8B000-memory.dmp

Filesize
25.4MB

Download
memory/2648-110-0x000000013FB50000-0x000000014127B000-memory.dmp

Filesize
23.2MB

Download