83d0e868cf4e2ad2d538e83f97de43686f3ad21490d4baa27a7dd7ca161dcad4

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
18/10/2024, 11:42

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Ungrabber.exe
Size

9.0MB
MD5

c164c81e1ef928909a014bd6efd98d00
SHA1

845acfb2d002a36ba2a24623211cfc650df03d0b
SHA256

83d0e868cf4e2ad2d538e83f97de43686f3ad21490d4baa27a7dd7ca161dcad4
SHA512

5493cb5d0abdcf4bb5d275b6623c4f4dc298ee695ea01b9793f9715030b0f41aff1e633a1471e54aaa87bfd5afe710b510fa94286516968ef666ed9cad6cb483
SSDEEP

196608:bTJqCcBhi0Aq+WXOVSrTcaHhCfX/Y6XZAX52V2zrSyNHo:3JqCic0Aq+3SrwaBWXgUZAX52V2zrX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2920	UngrabberNspam.exe

Loads dropped DLL 2 IoCs

pid	Process
2104	Ungrabber.exe
2920	UngrabberNspam.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2104 wrote to memory of 2920	2104	Ungrabber.exe	31
PID 2104 wrote to memory of 2920	2104	Ungrabber.exe	31
PID 2104 wrote to memory of 2920	2104	Ungrabber.exe	31

C:\Users\Admin\AppData\Local\Temp\Ungrabber.exe
"C:\Users\Admin\AppData\Local\Temp\Ungrabber.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Users\Admin\AppData\Local\Temp\onefile_2104_133737253753832000\UngrabberNspam.exe
  C:\Users\Admin\AppData\Local\Temp\Ungrabber.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\onefile_2104_133737253753832000\UngrabberNspam.exe

Filesize
11.1MB

MD5
d1b74c1ec26fcf36eb472d79715be557

SHA1
9180a142b46f5ebb879a748fec67ea1754f16032

SHA256
7d9e79c9fe3520855ba3f9233311674c721449679eb9665d1155a9c5b204042a

SHA512
fb72944be60fe482e2d22feeefeec4f102f596d3f54f91c72179e9df76c796e1a7b027c4235559d1c49d8fe03d692311c249f7bec35bff12a7f4e31da6fa2d3c

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2104_133737253753832000\python310.dll

Filesize
4.2MB

MD5
384349987b60775d6fc3a6d202c3e1bd

SHA1
701cb80c55f859ad4a31c53aa744a00d61e467e5

SHA256
f281c2e252ed59dd96726dbb2de529a2b07b818e9cc3799d1ffa9883e3028ed8

SHA512
6bf3ef9f08f4fc07461b6ea8d9822568ad0a0f211e471b990f62c6713adb7b6be28b90f206a4ec0673b92bae99597d1c7785381e486f6091265c7df85ff0f9b5

Download Submit