Overview

overview

8

Static

static

1549cf706a...9a.exe

windows7-x64

8

1549cf706a...9a.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    46s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    06/11/2022, 18:32

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a.exe

  • Size

    349KB

  • MD5

    0748ab358a35fc8d4595dc3d4a8f8790

  • SHA1

    0a8decbb0de31085414d04eb74143dd8cd012327

  • SHA256

    1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a

  • SHA512

    06f9de239c7f2bb43e2af2ec3ef69dbd969ccf767a60759f3966e753e5406c11ee67a797220b77e37f9b2edd1e0063f86d924a71e28036a75a6af87bfe57d023

  • SSDEEP

    6144:p9NW40bKvfNHvJJ4q5kYoVNAHvditx5sxj3pix3+dC5ONWIWCF9lSde4uGUBKEi:p984hfNPUngvx9ixOdFoIWCblo3nE

Score
8/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 24 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Drops file in Program Files directory 16 IoCs
  • Drops file in Windows directory 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs

Processes

  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
      PID:1392
      • C:\Users\Admin\AppData\Local\Temp\1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a.exe
        "C:\Users\Admin\AppData\Local\Temp\1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a.exe"
        2⤵
        • Adds Run key to start application
        • Drops file in System32 directory
        • Drops file in Program Files directory
        • Suspicious use of WriteProcessMemory
        PID:740
        • C:\Users\Admin\AppData\Local\Temp\1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a.exe
          "C:\Users\Admin\AppData\Local\Temp\1549cf706a1cf079b703808c86427c46b508717f90c2b865f30bbfbbe77e3c9a.exe"
          3⤵
          • Loads dropped DLL
          • Enumerates connected drives
          • Suspicious use of WriteProcessMemory
          PID:1692
          • \??\c:\339e97a66bb88ac4f272f8c3\update\update.exe
            c:\339e97a66bb88ac4f272f8c3\update\update.exe
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in Windows directory
            • Suspicious use of AdjustPrivilegeToken
            PID:1924

    Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \??\c:\339e97a66bb88ac4f272f8c3\update\update.exe
            Filesize

            411KB

            MD5

            918f548704dea6917a2fcf719d715596

            SHA1

            c8d0ed3b3e4ea7c5946fb6fb84b19b374930c673

            SHA256

            5bc84e81cc2164f8eb6ac540da01be55be0fc31a966be57b31acd17164cbc770

            SHA512

            d68affe0e1aa684cecbc8341c9c1d179b750fa4aca88f0fcaa5fff659c5651811ab6c02bbff53d9023fc545875084f73e62a3bbad9c501935e9cd3afbf1df0c0

            Download Submit

          • \??\c:\339e97a66bb88ac4f272f8c3\update\update.inf
            Filesize

            4KB

            MD5

            30e39e98c98c84635f94b4302fd40f85

            SHA1

            51eb8fe6219aa91d90fcf105ea7640b806c438e2

            SHA256

            70fab8484d99ad0a6effab6137a0db3af491a16f41ac44665aadb71699291abb

            SHA512

            03a7f5f65b6678e08bd275d113eaddf9b97a972c033137a2d794bbccbd5b92a8bb518d7430c8caad5729ede8ba4d878f8c3ece3e317220242d6795ca4514f84d

            Download Submit

          • memory/740-54-0x0000000075A81000-0x0000000075A83000-memory.dmp

            Filesize

            8KB

            Download

          • memory/740-66-0x0000000001000000-0x000000000106E000-memory.dmp

            Filesize

            440KB

            Download

          • memory/740-67-0x0000000000170000-0x00000000001DE000-memory.dmp

            Filesize

            440KB

            Download

          • memory/1392-69-0x00000000021E0000-0x00000000021E1000-memory.dmp

            Filesize

            4KB

            Download

          • memory/1692-68-0x0000000001000000-0x000000000106E000-memory.dmp

            Filesize

            440KB

            Download

          • memory/1692-70-0x0000000000170000-0x000000000017D000-memory.dmp

            Filesize

            52KB

            Download