Overview

overview

7

Static

static

ddf7e94477...c7.exe

windows7-x64

7

ddf7e94477...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    123s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30/10/2022, 15:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ddf7e9447786b4b7258a779d65e12fb74907c6301659bc85266294e48c61c9c7.exe

  • Size

    316KB

  • MD5

    81a6441a894e7fad2048fe4be96df4b0

  • SHA1

    bae9b8781c763c34cd4ea84817d364dd5cb6841c

  • SHA256

    ddf7e9447786b4b7258a779d65e12fb74907c6301659bc85266294e48c61c9c7

  • SHA512

    43ff5a67d50279387b07aa212ec979399fc8640d3e456f0b0196938dd38c12fb51b09be592f0790b0af616568f10a9edd5abdbb8a8e9e07acda0e94879abb8d0

  • SSDEEP

    6144:9rJbUzkuvcBYC47l2xuNfL2pAgWriSTb3Z9xuzSCR2bSj:9r6kuveY3TT2XdGp9xRC4bSj

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\ddf7e9447786b4b7258a779d65e12fb74907c6301659bc85266294e48c61c9c7.exe
    "C:\Users\Admin\AppData\Local\Temp\ddf7e9447786b4b7258a779d65e12fb74907c6301659bc85266294e48c61c9c7.exe"
    1⤵
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2064
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\_tin240F.bat"
      2⤵
        PID:4612

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\ProgramData\InstallMate\BCE8C071\cfg\1.ini
      Filesize

      850B

      MD5

      22ddf7bbce97aab89eac276be428571e

      SHA1

      d6c0e210435e67e95aa8303a862fa9ea110faa3a

      SHA256

      aabdfde6a82e40749cec42f31078f260b8621c0654aeb6f2f8f669ded4bbf297

      SHA512

      c26d2e8e68e1aae15c804eff829fd1404544bc7f7a24d3e791321e0816d55bd8b30086d4fb3562e5b29c48b987988a8a5b0e7b4723e9a8d2426f0ad3c502e203

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\Tsu0D2A98C5.dll
      Filesize

      269KB

      MD5

      af7ce801c8471c5cd19b366333c153c4

      SHA1

      4267749d020a362edbd25434ad65f98b073581f1

      SHA256

      cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

      SHA512

      88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\_tin240F.bat
      Filesize

      50B

      MD5

      b80f8cb44c03e6c539b14f5b63d1f31f

      SHA1

      91ae802712da807f8c194dd64293de2c7b2bb06d

      SHA256

      f771d2fe4a8e1aa7ffe4d4b70a5f9f0d9ec4a6128798e6b2bb00d7d776273602

      SHA512

      bb894ae35b654a5209b57ba1a158bc2a0210ade07a4c27fb4bea394f31b71823bf4cdfd3f6a189eaeb6cad37effa231323d46669ea8b7d983c314e7b47f084f9

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{DE8EDC40-6B62-4496-A67D-2340056DFEB6}\Custom.dll
      Filesize

      91KB

      MD5

      aab03c84db6cba9639d49888a5f0cae1

      SHA1

      f27e6a68da55cb9b6e25b1ddf1c21a77bf6605ae

      SHA256

      72041aa64738b7cfbf8c10d8c8fcadf208240d3d69f0d546e2a923ed9a79cd32

      SHA512

      9c5c935e041d3f7388b9abb4ce20b02a0a9b6d8616182bf717431dac38686f983eb2da2893b60106367970c7a13b845df46279c1a8d64263873ccf1505e731c0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\{DE8EDC40-6B62-4496-A67D-2340056DFEB6}\_Setup.dll
      Filesize

      173KB

      MD5

      0518cb1e0dc406122ccdabd50aeafb76

      SHA1

      53e860574019872b2a740b4bc345db7972b06a87

      SHA256

      77e1fae9a24895805780626e4a27a75d91528e73830a7dc33b154fb868b70df2

      SHA512

      989fcf7d0a2cec0d8bafeb08f1f4a3a8f44a6a5d4e6831ff993e907d88b8226d89c5235b03e421d4802071edb0787b36c11c39f0faebe7edd2fca9e33989c40c

      Download Submit