78a93880049831bd181b8147d5b9900e31b3cd094f9d5214aa1a0078081eeca5

Analysis

max time kernel
15s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14/09/2024, 11:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe
Size

7.8MB
MD5

6a700c4c6ea5e658afba606711043a17
SHA1

1ab34cc9ad0ff86b76c1c4d40dbaeea56c3562c8
SHA256

78a93880049831bd181b8147d5b9900e31b3cd094f9d5214aa1a0078081eeca5
SHA512

669f1e6171cde2c636a6f39b95e880d406741cffe6e78e9dc1ea60141d862fc4e07e307db597b61593ccb40d0e464b20d002675e5c471ce2fd3ea8cdfb5e3fe1
SSDEEP

196608:oYa2lxmZsgSkzzn8R91/yOSoc0U5IDZQfm0nr+:E2lxU3KLKOSo1UcGe0nr+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2752	LoaderV1.1.exe

Loads dropped DLL 2 IoCs

pid	Process
2212	7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe
2752	LoaderV1.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2212 wrote to memory of 2752	2212	7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe	31
PID 2212 wrote to memory of 2752	2212	7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe	31
PID 2212 wrote to memory of 2752	2212	7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe	31

C:\Users\Admin\AppData\Local\Temp\7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe
"C:\Users\Admin\AppData\Local\Temp\7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2212
- C:\Users\Admin\AppData\Local\Temp\onefile_2212_133707878174656000\LoaderV1.1.exe
  C:\Users\Admin\AppData\Local\Temp\7Xg8ed6ITLcVfSx)M1Zh2'(fk.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2212_133707878174656000\LoaderV1.1.exe

Filesize
10.5MB

MD5
dcc70dc14fc8cac3b36885257fecec6f

SHA1
2401be988be5b82c01d6a4ab89cd958c4086b879

SHA256
d4ba89f1d38f60d144cc11a1d7e566a3f573c2201ed2e884c1d39a668e9327a3

SHA512
33076f1f804dbb55a859957393b76118b92d55e1eb63a38af23278794e4859f33a80cade276b95b4ea06c3b624aa41e26ade487fb12885405625fc5b2eb25975

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2212_133707878174656000\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit