40fe066089810be5f81182670c58a8e326ab4b86362c6b63d9e8e6b982045c17

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
28-11-2024 05:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

www.exe
Size

10.5MB
MD5

b94d63a2c797d7456c84da31a957ea03
SHA1

b96f1f6597dfab5bc5f09e7a5655978ca8e879c5
SHA256

94829493b5fc8b25067a0ef914c898d6d62062f2791cf793e2590c48b6496b14
SHA512

6f80234f84638d51cd6909d04dca25c2b48026657d025e564460315f6c279744ac75132d5aedbc214032bc0538c97868d11c7a290be5e3ff7c33e5b1ee1fa8ca
SSDEEP

196608:GbcfzHZaeMtt1Kxlm9au4jLSZZtyRB49n/Z3dd06GMXByrfb7mSWugrr:UkzH9xjLSZW0p/Z3dd0lMXwfbxgP

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2568	www.exe

Loads dropped DLL 2 IoCs

pid	Process
2812	www.exe
2568	www.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2812 wrote to memory of 2568	2812	www.exe	30
PID 2812 wrote to memory of 2568	2812	www.exe	30
PID 2812 wrote to memory of 2568	2812	www.exe	30

C:\Users\Admin\AppData\Local\Temp\www.exe
"C:\Users\Admin\AppData\Local\Temp\www.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Temp\onefile_2812_133772443445084000\www.exe
  C:\Users\Admin\AppData\Local\Temp\www.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_2812_133772443445084000\www.exe

Filesize
14.5MB

MD5
ba00d2d32a8176ab433b2b3363245c3d

SHA1
31913bcc8dcc014b239cc2c3e55a9d88e627520d

SHA256
4d6e6dcf06a31dcdc224a7b63d866af648bd816f415b77060d86ba3e63ddf60f

SHA512
6cf59ce43ce8e14f287a5718987aa2e14174fb895a4ee814c54ba0cfaad02592bd4d02b95f179f2eb671087b74215c266125d2bbe8a54650473fc5ae14187fcf

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_2812_133772443445084000\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit