7ac7096ac0d29805f2fa29fa229384a68b2e338e9d74968dd7e1a00adaa904a3

Resubmissions

25-06-2024 09:30

240625-lgn8kavcnr 10

25-06-2024 09:25

240625-ldw41a1emf 10

25-06-2024 09:19

240625-laeesa1cqa 10

Analysis

max time kernel
140s
max time network
141s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25-06-2024 09:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

YAPM-v2.4.1-Setup.exe
Size

1.3MB
MD5

90f828cd8df173636ae4a2233e70f774
SHA1

66924c162a8a4e17b8f8fe19c246f6586e359d98
SHA256

7ac7096ac0d29805f2fa29fa229384a68b2e338e9d74968dd7e1a00adaa904a3
SHA512

424b90603387cbfcd7aba6b1b4d3dce0af3f680b5944ce01541bcf73140e2583b524933972825473872c400e5e06fff02f45d9282d88997004777a09cb410c06
SSDEEP

24576:H+qqcWrftGXFOD6LRhKPVjcHx59UEugS+jcz1pxSo6WP58wrzWlXMMiM1K2xvj3Q:JIGXN1hqVcDKEHS+ohSoVP58EWlF1zBE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

YAPM-v2.4.1-Setup.tmp

pid process

2340 YAPM-v2.4.1-Setup.tmp
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
2340	YAPM-v2.4.1-Setup.tmp

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

YAPM-v2.4.1-Setup.exe

description	pid	process	target process
PID 1352 wrote to memory of 2340	1352	YAPM-v2.4.1-Setup.exe	YAPM-v2.4.1-Setup.tmp
PID 1352 wrote to memory of 2340	1352	YAPM-v2.4.1-Setup.exe	YAPM-v2.4.1-Setup.tmp
PID 1352 wrote to memory of 2340	1352	YAPM-v2.4.1-Setup.exe	YAPM-v2.4.1-Setup.tmp

C:\Users\Admin\AppData\Local\Temp\YAPM-v2.4.1-Setup.exe
"C:\Users\Admin\AppData\Local\Temp\YAPM-v2.4.1-Setup.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1352

C:\Users\Admin\AppData\Local\Temp\is-35EBU.tmp\YAPM-v2.4.1-Setup.tmp
"C:\Users\Admin\AppData\Local\Temp\is-35EBU.tmp\YAPM-v2.4.1-Setup.tmp" /SL5="$40202,873450,187904,C:\Users\Admin\AppData\Local\Temp\YAPM-v2.4.1-Setup.exe"
2⤵
- Executes dropped EXE
PID:2340

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-35EBU.tmp\YAPM-v2.4.1-Setup.tmp
Filesize
1.2MB

MD5
4bbb6af20037ff0a429b494c9cc3b922

SHA1
d3a400c2627460bc4c5d6b686dc0a7d6f7842be9

SHA256
fd1ec145fec2ae61e534951ce597597537cf4c775c464a9d8793667131f305d7

SHA512
31995b56d53377f2cd53ef42e6d9f32287409fdf054d8beb8725ea7e46046ec1f8b2df74fd9780e1c7a53feb08c93f4b550e7e07e550b382cdf60235490abca8

Download Submit
memory/1352-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/1352-2-0x0000000000401000-0x0000000000417000-memory.dmp

Filesize
88KB

Download
memory/1352-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2340-11-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download
memory/2340-13-0x0000000000400000-0x0000000000544000-memory.dmp

Filesize
1.3MB

Download