169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc

Analysis

max time kernel
22s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 02:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe
Size

1.6MB
MD5

998fb9bf5baae7d21d066ffe7a3a20ec
SHA1

7f7d1d77c0afcc89cafa83aa78489cc38c23ae38
SHA256

169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc
SHA512

c68e26083acc1974d2dc927ec3e8a3d6a46d1fe494f2c1b433a25dd5649e83d6e9abf412e004ee5a0b12f732d00b91a78f294e1e1e5fe9443f7183526d64dfc8
SSDEEP

24576:m2BbEKosPAZ3ZOOKfs6NL0CpszqtPUfRQI5n5PmSGj69bA5rV4Yihe5CpnC:Xbz183QRNLTeqU9PGjebA5rOYiZnC

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
932	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Loads dropped DLL 3 IoCs

pid	Process
2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe
932	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp
932	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
932	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp
932	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18
PID 2008 wrote to memory of 932	2008	169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe	18

C:\Users\Admin\AppData\Local\Temp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe
"C:\Users\Admin\AppData\Local\Temp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\is-H8J74.tmp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-H8J74.tmp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp" /SL5="$70022,987588,70144,C:\Users\Admin\AppData\Local\Temp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  PID:932

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-H8J74.tmp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Filesize
14KB

MD5
af7b77d9014c02f6b31424f7ce43fb3b

SHA1
2e2ef54069c0aa7ad5fa1cfb3b0a3fc7fbc40ec6

SHA256
31c0c0ef8768032a46df426485b8c7dd5bdc4d72dbf2273a1b7d0311ab48e971

SHA512
6b50ac58f4ee178aa71b9f142482745bf4dd7adf75ab1f866f7cd76724c70bc6720d63f2474dd83f592580be0b4e8b71e6ab3df5c91f6cdadb7654ca5b5e3dbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-H8J74.tmp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Filesize
35KB

MD5
4764eedf6cac59f53561715668648ad2

SHA1
1813bae405d392edc16cc2a42488fdd6816751cb

SHA256
f8fca22d8fa05760ac237d9f2cc5d0423354dacbd8162a94717d4be68c6a746f

SHA512
6efb50948a9387795e379103c55b5e750e859b85806e5e063baec8acd7b5615b0655fdb4ba80c9c0f11443c3d2527814c447ed0f5c9b1358f5e695bd3a549935

Download Submit
\Users\Admin\AppData\Local\Temp\is-H8J74.tmp\169dad77b105513f115cb7f7cc494c4502dda40c39c0a8885380242e4048c1dc.tmp

Filesize
19KB

MD5
32711ae368ff3b0ad4ce0b95f9660e0d

SHA1
919568a89083f7f0015eb0b1d75645601309f305

SHA256
89be161b1c88f03817c3e8197db380b046d8a14b439c0954461d88268292d083

SHA512
63d880d651c121cb4add7553188b32ec673c1d42ae924044131eb96f25cac290a90160bce428bf83fb27ee41a5a39fd96e19904b47a159f6254d512d63bd4c3a

Download Submit
\Users\Admin\AppData\Local\Temp\is-TQK8F.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-TQK8F.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/2008-55-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download
memory/2008-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

Filesize
8KB

Download
memory/2008-64-0x0000000000400000-0x0000000000418000-memory.dmp

Filesize
96KB

Download