Overview

overview

7

Static

static

32bbb15ed6...37.exe

windows7-x64

7

32bbb15ed6...37.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    148s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/10/2022, 08:45

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe

  • Size

    316KB

  • MD5

    65594137d2bab22d3367e50d8db0bfa0

  • SHA1

    c35802973aa8466754062016e87b72cecd96950f

  • SHA256

    32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937

  • SHA512

    92175a836153f9215249e4da46c66e5ba65ba735c74998dccf545b95f3fae19145f312c76a7291e68599751fce194a021ef05fc2f1d22177f73626e6d60bc2da

  • SSDEEP

    6144:qrabUzkuvcBYC47l2xgh2hyP9wUnIG2mQP6vxoG0rkKc:qrDkuveY3N2eHnIPmQP6vqvE

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe
    "C:\Users\Admin\AppData\Local\Temp\32bbb15ed6a07306ec4b9741760655ea762f11bf00cea467d2b68ab472037937.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4932

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\Tsu34954B55.dll
          Filesize

          269KB

          MD5

          af7ce801c8471c5cd19b366333c153c4

          SHA1

          4267749d020a362edbd25434ad65f98b073581f1

          SHA256

          cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

          SHA512

          88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\{728D896C-0CE8-47E7-A50C-44CAA96EAB9A}\Custom.dll
          Filesize

          91KB

          MD5

          dc1e339686c8ccab49a2860c6709760b

          SHA1

          4662d7283d4ad26b4a235d82d831db526e9daa42

          SHA256

          07d70be92b1ef086f5f41f95fe14044fe8186e85a3972bb790ae143c66214f0b

          SHA512

          913e466fcae98118375c19e000c75ef03d7f5d30f16a29ad98fd90cbed425adf6415598b332cf30652a3dab2371e4a59a6a2c813d1df739bd09080e56aed9c52

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\{728D896C-0CE8-47E7-A50C-44CAA96EAB9A}\_Setup.dll
          Filesize

          173KB

          MD5

          849cfed02ed4ded563da47d93592b653

          SHA1

          bcdc289cf10557a0ee5b8a3f956739710215a4e5

          SHA256

          40f7374f5089a9429f4fe0d568364c567d535fa2d3d542d4f7dfb948c480be27

          SHA512

          8f6d24b7234efb6cbf11be13bfa11f5e6d11aea48d1c81c37a421862aa452b6af0a06bc8637b58bfae631a68aa0d532c7922ccca6433cd2e05e87198ad719cf0

          Download Submit