Analysis
- max time kernel: 126s
- max time network: 149s
- platform: windows7_x64
- resource: win7-20221111-en
- resource tags: arch:x64, arch:x86, image:win7-20221111-en, locale:en-us, os:windows7-x64, system
- submitted: 23-11-2022 06:57
Static task: static1
Behavioral task: behavioral1
- Sample: fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
- Resource: win7-20221111-en
Behavioral task: behavioral2
- Sample: fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
- Resource: win10v2004-20221111-en
General
- Target: fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
- Size: 331KB
- MD5: 2be6ca74839fc561c31bb8e72a83cf72
- SHA1: d783741d5e882f4579a42e086487871d428abf9f
- SHA256: fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd
- SHA512: 5a1f688ead4f7dc93512c739dedc62f35e56385ba89d95253b2b0301c27b2aac14642b7fb31840e39794f90abd625ee2e4ad3b8b3b1c1ffc998d9fd3cf01255e
- SSDEEP: 6144:Miz3sFH6uzSM41JiQKDGtrXhTIZxCxykOxvQYRJsOBErsp:MizsdzsrBr3uosjvQ4BEgp
Malware Config
Signatures
- Loads dropped DLL (3 IoCs)
  Processes:
    pid   process
    2028  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
    2028  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
    2028  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Maps connected drives based on registry (3 TTPs, 2 IoCs)
  Disk information is often read in order to detect sandboxing environments.
  Processes:
    description           ioc                                                        process
    Key opened            \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
    Key value enumerated  \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
- Suspicious behavior: EnumeratesProcesses (1 IoC)
  Processes:
    pid   process
    2028  fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\fa0e68fd26b13a7afd89e72c62026c47daee81c8e3299ee5f96d17801dbffbdd.exe"
  - Loads dropped DLL
  - Maps connected drives based on registry
  - Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
- \Users\Admin\AppData\Local\Temp\TsuB8160D3F.dll
  Filesize: 278KB
  MD5: 0dab45171079ed149d085eb328ae6651
  SHA1: 72c0a2ca047d08bdaec89e4f90d515cf2cb0a874
  SHA256: fd0e5db89ed182858dd4375c2cd4291cab58e96dc759d40741b79441267e1492
  SHA512: 26cde548f4e57bdeeabe03efbfc961b83f9e227eb6a64366358e97a60f05cff514f1aa5c7cd8ec4710e1cfb89fcb5a769cc255c579babb6495e09f1ce2d5de42
- \Users\Admin\AppData\Local\Temp\{93B0E63C-D041-4C4C-AA80-79753BF87A1E}\Custom.dll
  Filesize: 91KB
  MD5: de9b2b1e7a24b7fdf9d37fd648790812
  SHA1: 68547d76fa4f37f4fdbb3867735e0211b3c4615e
  SHA256: 050cf735db8f9b071f90b3113dca58935b7e5422871852501ca146cabb42b07d
  SHA512: baa73c2e11025324821b03efc49787de541972521cf237ba1d842ada2b75376faee1817e8b853095d146d1fb06f4317a7714b506f43637a9225c3cab7afa100e
- \Users\Admin\AppData\Local\Temp\{93B0E63C-D041-4C4C-AA80-79753BF87A1E}\_Setup.dll
  Filesize: 172KB
  MD5: a48ce1992b79a24e02a5280dcd6597ca
  SHA1: 90c04ae83824b063217e657f8ec5033436d3598f
  SHA256: dbb62a224d6ce11c1c24197e626e3c3e1e2e1f64d1bae38c95c40f7ba84f9465
  SHA512: 9f5b68d965fd08a2023c80800714395e5f66b59aad54ae63addef38abe7f2f17abff22f8c634a401f79ef7649bf79355fb94c4868af088f7f98f0451ede1a370
- memory/2028-55-0x00000000760B1000-0x00000000760B3000-memory.dmp
  Filesize: 8KB