aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0

Analysis

max time kernel
194s
max time network
256s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
09-09-2024 05:07

Target

aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe
Size

4.7MB
MD5

4b0348bf0a8544b5c6b90c79bbeca054
SHA1

fffc3fed695f793866fc13fd2000531134e8874f
SHA256

aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0
SHA512

887d7b2ff7bb4b0d0fbf68cf444e3274aa42cf30d02d322c8edb566984e6e1e9f3fe4dd29d1d70f6cd557f12749e5e17eff171c8a8391288dc3a63cb8d5fb5fe
SSDEEP

98304:k3wcjJ13S+Gzjaic7xSlVJOaVTA3bCP198hZbfsm4xKEHMBy:oC+0EYlVnVc3bUGs7KvBy

Score

3^/10

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4144 wrote to memory of 4448	4144	aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe	74
PID 4144 wrote to memory of 4448	4144	aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe	74

C:\Users\Admin\AppData\Local\Temp\aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe
"C:\Users\Admin\AppData\Local\Temp\aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4144
- C:\Users\Admin\AppData\Local\Temp\aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe
  "C:\Users\Admin\AppData\Local\Temp\aa0b653006f07f7129c7c1ac1d2d3fbd7a3039b2f4a00771a8138705d5782ae0.exe" -sfxwaitall:0 "rundll32" setup_app_tmp.dll,setuptool
  2⤵
  PID:4448

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact