d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e

Analysis

max time kernel
4s
max time network
10s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/10/2022, 07:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe
Size

316KB
MD5

c7e35572b202a69514b99c13aaf21422
SHA1

a868a6304bdbe8d46716c653b5c9e01303e799bb
SHA256

d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e
SHA512

b6bbac2ed1027451115006a5f78041d424cf13c1c3a48886b975b97ddf72790300284f5bf4ad259895a57036b8c7159c16e32066c7f1f858229ea81b137827aa
SSDEEP

6144:9rybUzkuvcBYC47l2xphuK2+Otbaysqo+/VKitoTxwbs5iD3B2phoo:9rLkuveY3EMK9ObxD/06s5w3BLo

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1788	d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe
1788	d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe
1788	d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum	d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe

C:\Users\Admin\AppData\Local\Temp\d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe
"C:\Users\Admin\AppData\Local\Temp\d735e5716967491b9ab08b69efe6082c3c2ecf58e3e2bbb7d398f95b1bec438e.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
PID:1788

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\TsuB218FE4A.dll

Filesize
168KB

MD5
a9ff078f03187e3d3aa58299b99b9ff8

SHA1
57d5b57fc2e343f2a160785b954ddb4c5160dba1

SHA256
6ac04d457ded2cf63870385121f1ded228a787a8fbaaeafcdad937dd2908d80d

SHA512
7755c1f0fe70f92778fe02d09b708902436f0915c2fdb19f6274e21a550e24848c1f2e5fcb89472b0bc682ec26f17f72d51ae186ff607816a3f06cbf56da4ce9

Download Submit
\Users\Admin\AppData\Local\Temp\{5A3F1ABD-0607-402D-A2C6-4E2581DC384B}\Custom.dll

Filesize
91KB

MD5
e6692b129ceb719afac35060c82a3f5b

SHA1
ae6add5ece16154b0954e675c45b4f9db964002b

SHA256
959d6a1a450279d35b253e104e9e5ea02d9eb996a3b8042cc31ee4891b571198

SHA512
1353b1324478322e216f559fdf35a90604764a600ab6c779e33c67622445d4b881a82bfb33454f783a4c3bb95c2f6a0c46e63c45290863d10e9bd6c2e98fe118

Download Submit
\Users\Admin\AppData\Local\Temp\{5A3F1ABD-0607-402D-A2C6-4E2581DC384B}\_Setup.dll

Filesize
149KB

MD5
207f2c1d51af4538907b3e61da1d3377

SHA1
9e37a95c8fa0f5a2e36b821545fcd0102ef07793

SHA256
7dca5653e2dbbbb21e983177dc9ddb199e3e47b19907f9dd74287ebb1c5179a6

SHA512
4d95b243735a4f922811c7f0837e3379726c9b2468e9dbeadb25b0e1f8528f8c35ef34d845f3b76f8db4ad7de06a69cba8f293fed8bbd2e7c9e7697548b4b525

Download Submit
memory/1788-55-0x00000000761F1000-0x00000000761F3000-memory.dmp

Filesize
8KB

Download