9371a656feffb9e8e4fe70ce3fa01352af3035b5afaddbe4332442fc1dbb8ff0

Analysis

max time kernel
93s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2024 18:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

My Program/RockerLegacy/Uninstall.exe
Size

477KB
MD5

4783f1a5f0bba7a6a40cb74bc8c41217
SHA1

a22b9dc8074296841a5a78ea41f0e2270f7b7ad7
SHA256

f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c
SHA512

463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e
SSDEEP

12288:9Z5zraThq5dDnHEJt1kXm+wBhvBJ/+5IISY1A9h:9Z5n2hsdDnkGXm9Bhvn/+r1+h

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2548	Uninstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2004 wrote to memory of 4868	2004	Uninstall.exe	85
PID 2004 wrote to memory of 4868	2004	Uninstall.exe	85
PID 4868 wrote to memory of 2548	4868	cmd.exe	87
PID 4868 wrote to memory of 2548	4868	cmd.exe	87

C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2004
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Uninstall_Rar.Bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4868
- - C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Uninstall.exe
    "C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Uninstall.exe" /wait
    3⤵
    - Executes dropped EXE
    PID:2548

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\My Program\RockerLegacy\Uninstall.exe

Filesize
477KB

MD5
4783f1a5f0bba7a6a40cb74bc8c41217

SHA1
a22b9dc8074296841a5a78ea41f0e2270f7b7ad7

SHA256
f376aaa0d4444d0727db5598e8377f9f1606400adbbb4772d39d1e4937d5f28c

SHA512
463dff17f06eca41ae76e3c0b2efc4ef36529aa2eaed5163eec0a912fe7802c9fb38c37acfe94b82972861aaf1acf02823a5948fbb3292bb4743641acb99841e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Uninstall_Rar.Bat

Filesize
1KB

MD5
8e4f8b45ac62e4d53dbab467142fada3

SHA1
40c6940ceda44d8f4aefc6538fc5fba2b0cc9196

SHA256
2fcd6257f13b0e8c61448ac7659097e6e3774f14589f5525328ec293ff9c94b6

SHA512
b02894523435014465c2ad122138a401fc506a1d17d967afe4455ebb025f681ca3e9c4fe4b7462efbdb657dc794f620068c3d08114bc58ab3903c37e5e0d9057

Download Submit