467f66d64ac576529234ed7cc6048515a5c7cfe476537949422141286a47730c

Resubmissions

25/01/2025, 02:46

250125-c9q37atjcn 9

24/01/2025, 23:20

250124-3bhbhavpfp 9

Analysis

max time kernel
117s
max time network
124s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
25/01/2025, 02:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DECRYPT.exe
Size

21.8MB
MD5

841e54e543dfdaba4f4e8b4e38942d1e
SHA1

f87b4f5ce54bf446e3c7e4beb32870641f30cefa
SHA256

17b697a8b157e4c40c5e970cf895528784732c8a2e48dbc71c8fa174b4aacd1c
SHA512

a2d968ec4f33fa4a27984b9c92b9e05b128409ca8d89a75525afc57710534fadb70223d52ef1eeb8dd3e891392c58c385901a5260a5d2baca1413fac291fd0ac
SSDEEP

393216:xFaSF52WFt4BV/TbyG7QZDB9jezK0feetyKyBZcbwEskKNW+GJW2a6C:xFtfF2NPyV17uK0fxtyC3KN+JWrj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2972	DECRYPT.exe

Loads dropped DLL 2 IoCs

pid	Process
1740	DECRYPT.exe
2972	DECRYPT.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1740 wrote to memory of 2972	1740	DECRYPT.exe	31
PID 1740 wrote to memory of 2972	1740	DECRYPT.exe	31
PID 1740 wrote to memory of 2972	1740	DECRYPT.exe	31

C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe
"C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1740
- C:\Users\Admin\AppData\Local\Temp\onefile_1740_133822468649072000\DECRYPT.exe
  C:\Users\Admin\AppData\Local\Temp\DECRYPT.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\onefile_1740_133822468649072000\DECRYPT.exe

Filesize
8.2MB

MD5
a12a3a153766830021bc156db0f5036a

SHA1
37ecd5a787df5a99a84451e5b7ca4f18f3a13c5e

SHA256
343b92aeccb61845148bd143d97493f3059f51853716a34b7ebfe862529c5037

SHA512
932166f37dca84cab822373f05384b988c36d78a1b2b66feabdbdebd29b69f60f1fb70950210da81db0bf13e135cf8358834df28a6c648802bec793bfd30e9aa

Download Submit
\Users\Admin\AppData\Local\Temp\onefile_1740_133822468649072000\python311.dll

Filesize
5.5MB

MD5
65e381a0b1bc05f71c139b0c7a5b8eb2

SHA1
7c4a3adf21ebcee5405288fc81fc4be75019d472

SHA256
53a969094231b9032abe4148939ce08a3a4e4b30b0459fc7d90c89f65e8dcd4a

SHA512
4db465ef927dfb019ab6faec3a3538b0c3a8693ea3c2148fd16163bf31c03c899dfdf350c31457edf64e671e3cc3e46851f32f0f84b267535bebc4768ef53d39

Download Submit