8d60ec8f964bdbc7ebbe1c804f4fc61c3037932e36e4604ce22c7c53708965e2

Analysis

max time kernel
121s
max time network
122s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17/10/2024, 12:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

loader.exe
Size

13.1MB
MD5

c68614d533743ae7e4b6e878217e53b8
SHA1

835763f3dedaf34e65465bb31f73d75ce8aca910
SHA256

8d60ec8f964bdbc7ebbe1c804f4fc61c3037932e36e4604ce22c7c53708965e2
SHA512

8e1c6dd70ba37b6bc2051d8aa0bf4296ef40a01bce57c88f20701722498ca1662ba9c21704e8470ade072636cab4370cf97c49d37a9a789e90a30c7c59b00ac4
SSDEEP

196608:s0/iI6sGaFIwnE4B4LoYkoSY13dxliaMf4QNHCtgdFfiJZgZp0TODhRF8QRn5:fRnEAWtkoDV4DHIgdEmZp0TsF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2796	loader.exe

Loads dropped DLL 2 IoCs

pid	Process
2060	loader.exe
2796	loader.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2060 wrote to memory of 2796	2060	loader.exe	31
PID 2060 wrote to memory of 2796	2060	loader.exe	31
PID 2060 wrote to memory of 2796	2060	loader.exe	31

C:\Users\Admin\AppData\Local\Temp\loader.exe
"C:\Users\Admin\AppData\Local\Temp\loader.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2060
- C:\Users\Admin\AppData\Local\Temp\onefile_2060_133736416174312000\loader.exe
  C:\Users\Admin\AppData\Local\Temp\loader.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2796

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2060_133736416174312000\loader.exe

Filesize
16.0MB

MD5
e0341943bc335be7a8ea548918847496

SHA1
226ae7685fdc2378df34d56320b5f24ede1a92e9

SHA256
16040ffcf383546311f7f8ecb6117890163cceb2ab5620d671fe05b7da1a8edd

SHA512
8ff8cb07193dc63feefd593663f5a47f0f8bc69757724c4757fb86b80d0b5adbf10765ddd8cc87daca071963a637174214c195893520c4bd3748be862147399d

Download Submit
C:\Users\Admin\AppData\Local\Temp\onefile_2060_133736416174312000\python312.dll

Filesize
6.6MB

MD5
cae8fa4e7cb32da83acf655c2c39d9e1

SHA1
7a0055588a2d232be8c56791642cb0f5abbc71f8

SHA256
8ad53c67c2b4db4387d5f72ee2a3ca80c40af444b22bf41a6cfda2225a27bb93

SHA512
db2190da2c35bceed0ef91d7553ff0dea442286490145c3d0e89db59ba1299b0851e601cc324b5f7fd026414fc73755e8eff2ef5fb5eeb1c54a9e13e7c66dd0c

Download Submit