ac583180386103d92ccbbab9d94223f8022f4fd475ce1a6c3a8a1911b43bdcd9

Analysis

max time kernel
120s
max time network
126s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
14-10-2024 15:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe
Size

1.5MB
MD5

5b3bd5baf8ab186dd351d303a589e4fa
SHA1

d3f7982b2bbb9a7bb90c8ef82d8e7dd32e3f43e1
SHA256

9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c
SHA512

0762d145b6f70c2137ede6c6457c1f92711431f337ccbb61fa5abcaaf535582b305e82645af762869a4ac67720d607a5a864d2f4af6880d315bcb4c2948e1c41
SSDEEP

24576:cNoF9LYbAtK5wlCDtm2MUrabZhcEGHghLjVPT+oU:cNoF9LbEwlKTMwabZjGAhLjlT+5

Score

1^/10

Malware Config

Signatures

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command and Scripting Interpreter

T1059

pid	Process
2824	ipconfig.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
320	systeminfo.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 1628	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	32
PID 3060 wrote to memory of 1628	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	32
PID 3060 wrote to memory of 1628	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	32
PID 1628 wrote to memory of 320	1628	cmd.exe	34
PID 1628 wrote to memory of 320	1628	cmd.exe	34
PID 1628 wrote to memory of 320	1628	cmd.exe	34
PID 3060 wrote to memory of 2688	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	37
PID 3060 wrote to memory of 2688	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	37
PID 3060 wrote to memory of 2688	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	37
PID 2688 wrote to memory of 2892	2688	cmd.exe	39
PID 2688 wrote to memory of 2892	2688	cmd.exe	39
PID 2688 wrote to memory of 2892	2688	cmd.exe	39
PID 3060 wrote to memory of 2236	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	40
PID 3060 wrote to memory of 2236	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	40
PID 3060 wrote to memory of 2236	3060	9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe	40
PID 2236 wrote to memory of 2824	2236	cmd.exe	42
PID 2236 wrote to memory of 2824	2236	cmd.exe	42
PID 2236 wrote to memory of 2824	2236	cmd.exe	42

C:\Users\Admin\AppData\Local\Temp\9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe
"C:\Users\Admin\AppData\Local\Temp\9335ea5a12af26b81d42abbe6db47014bd9a10b6047d318ac3e9f3fb2c939d4c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\system32\cmd.exe
  cmd.exe /c systeminfo
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1628
- - C:\Windows\system32\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:320
- C:\Windows\system32\cmd.exe
  cmd.exe /c route print
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2688
- - C:\Windows\system32\ROUTE.EXE
    route print
    3⤵
    PID:2892
- C:\Windows\system32\cmd.exe
  cmd.exe /c ipconfig /all
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2236
- - C:\Windows\system32\ipconfig.exe
    ipconfig /all
    3⤵
    - Gathers network information
    PID:2824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3060-0-0x0000000000180000-0x0000000000191000-memory.dmp

Filesize
68KB

Download
memory/3060-1-0x0000000000180000-0x0000000000191000-memory.dmp

Filesize
68KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads