a468ef9f97228836ec9f93c605717b79c397bc72ce52dbdba76f5e81673df3a8

Analysis

max time kernel
118s
max time network
129s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
05-10-2024 06:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Valid.exe
Size

47.1MB
MD5

f3b6c826b524f0633407f83a08c1fc0e
SHA1

b1abbbeaed66803bd7cc0ae1aa39df873e3a012c
SHA256

a468ef9f97228836ec9f93c605717b79c397bc72ce52dbdba76f5e81673df3a8
SHA512

c955f76e9624edb514c52dfc1ab51ae1bc2c93054e7af207a04b3a913bae77f5f02cbbf0ab38336070bdadff4a9ea89b0e2a0a713062897727cee38e0fa80f8f
SSDEEP

786432:SSaxOSmEucd8/6KHAMFhZ/OHpolhqbHJX/8gLq23/Wqpl3AnPTKIIEOw4cZACg4:S4SmEuccFNvVQ08bxHLq4esmZIEbR

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2984	Valid.exe

Loads dropped DLL 2 IoCs

pid	Process
2756	Valid.exe
2984	Valid.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 2984	2756	Valid.exe	31
PID 2756 wrote to memory of 2984	2756	Valid.exe	31
PID 2756 wrote to memory of 2984	2756	Valid.exe	31

C:\Users\Admin\AppData\Local\Temp\Valid.exe
"C:\Users\Admin\AppData\Local\Temp\Valid.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Users\Admin\AppData\Local\Temp\onefile_2756_133725840786766000\Valid.exe
  C:\Users\Admin\AppData\Local\Temp\Valid.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2756_133725840786766000\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2756_133725840786766000\Valid.exe

Filesize
27.1MB

MD5
eb83e1ab82a92276cc26b64304f3eb24

SHA1
a7ee5e8209762d142f12781faa47815fe1ce83c4

SHA256
d1323c7d6a9515bf07bf85fefd5746ea7b774cad232981463cbf53080b26f186

SHA512
0df4f2a07ef6af62e72708487d442e74c3201678b38eef1ace1527a84aa2bbd109d22683fc61b4816075c932501674d1f5aa240a8ac38f82f4732d25a0ca8611

Download Submit