Analysis
max time kernel: 122s
max time network: 123s
platform: windows7_x64
resource: win7-20240903-en
resource tags: arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
submitted: 04/11/2024, 21:29
Static task: static1
Behavioral task: behavioral1
  Sample: 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
  Resource: win7-20240903-en
Behavioral task: behavioral2
  Sample: 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
  Resource: win10v2004-20241007-en
General
Target: 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
Size: 8.5MB
MD5: d951faa8661e5491de72c8d067916c4d
SHA1: 438f90f3579cbc5a0e9ad852dcdb831ffe9545fa
SHA256: 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00
SHA512: c0675e116b2fe997f060a044c658536668150bf0cb72d40979e162e6a03f63a59a348f0a4a2364d4a237f0888db84ca637213eff2843ffca0026024adc3b1b2a
SSDEEP: 196608:ETcUUuvyn6cmN2cuBAgcSd3cWES7EY3uKgzk+3QQSedWJwagKQqxkYLfy:EwhuYR9zcGL3EYeKsk+3QmdWJwQLfy
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid 2332  Process DarkEngine.exe
- Loads dropped DLL (2 IoCs)
  pid 2908  Process 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
  pid 2332  Process DarkEngine.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  description: PID 2908 wrote to memory of 2332  pid 2908  Process 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe  procid_target 30
  description: PID 2908 wrote to memory of 2332  pid 2908  Process 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe  procid_target 30
  description: PID 2908 wrote to memory of 2332  pid 2908  Process 39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe  procid_target 30
Processes
1. C:\Users\Admin\AppData\Local\Temp\39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
   Command line: "C:\Users\Admin\AppData\Local\Temp\39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe"
   - Loads dropped DLL
   - Suspicious use of WriteProcessMemory
   PID: 2908
   2. C:\Users\Admin\AppData\Local\Temp\onefile_2908_133752293623310000\DarkEngine.exe
      Command line: C:\Users\Admin\AppData\Local\Temp\39525e447800ddb94d0afdfc345884a9f3ee654fdc254d745d99645fcc21bf00.exe
      - Executes dropped EXE
      - Loads dropped DLL
      PID: 2332
-
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 10.9MB
  MD5: a4049a76d21c26ef9017251d9d02a102
  SHA1: ea578987927da1752e4977e922367eea555c02b7
  SHA256: 839f44ebf68fca6a94a9dd13e5d81821f80415eb2436ce021d22889dd46bec50
  SHA512: 1e59b0620882e52a7b2dfc3aaa09d7f7c96a4a22e9668d695c10c6b287493307780ab3b4245846b243ac9f902df74b21cb39369f559677d7a8eaa810a62fd242
- Filesize: 6.6MB
  MD5: 166cc2f997cba5fc011820e6b46e8ea7
  SHA1: d6179213afea084f02566ea190202c752286ca1f
  SHA256: c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546
  SHA512: 49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb