Analysis
-
max time kernel
150s -
max time network
43s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
04/12/2022, 01:14
General
-
Target
c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe
-
Size
127KB
-
MD5
1cb8ed30a8b823c97e756093fca979a0
-
SHA1
618cf805207bba375ce1cfc43f8529cc54733178
-
SHA256
c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968
-
SHA512
059ea6cf79b818767dc31fef6f9daf482fba3365f7b61790f5b96e2f29988be336a37aabc11ccfe757bd87793ae0c75adc03db5b96c346cdea6f8551ca0b4c34
-
SSDEEP
1536:554Q19FUR8N01/H5WXDBVAEejK2Jsno/m/S4XN54Q19FUR8N:T4SAR8NmgFdAQyV4X4SAR8N
Malware Config
Signatures
-
Drops file in Drivers directory 2 IoCs
-
Executes dropped EXE 2 IoCs
-
Drops startup file 1 IoCs
-
Loads dropped DLL 4 IoCs
-
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe"C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.exe"1⤵
- Drops file in Drivers directory
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\drivers\lsass.exe"C:\Windows\system32\drivers\lsass.exe"2⤵
- Drops file in Drivers directory
- Executes dropped EXE
- Drops startup file
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
-
-
C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.~tmp"C:\Users\Admin\AppData\Local\Temp\c7464e136d99764cc3b5d3e48e58a48ba6fe270c9cd28130cb6d7513106b5968.~tmp "2⤵
- Executes dropped EXE
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
63KB
MD53dacf372b044e128fbf5025d5259fca7
SHA1dbc538db7f624e7c369ded814fe36e2cee0bf335
SHA25697b519a4b3612573fc0691b881d091c1591a0fea831ed85b44ec1bef79346133
SHA512b569b395a1d218b01803e83a6c79af8b5708f2b47daef0e02d80c825278c67f68609e47f3b12c86859e3d0b2ad76250cdaee97d1a555276f5cbb37c3da985bcd
-
Filesize
32KB
MD5669ffd1dd6fb7a0e4ddbc3ad3b76507b
SHA1372820d6b9350ad629a489d49876d8bd422b8f31
SHA2567dc487e762e55ffa601480c4bc7948f85fcd4f025665ff599060ec1f81d7e986
SHA512cd69694ad3316c768dbe0d1514060870568c67a50785b38d402eb16e94740c5ae351eb6d47284630a2505fac50c9777bedef85608571c85385b1b9c1f12d73f5
-
Filesize
32KB
MD5669ffd1dd6fb7a0e4ddbc3ad3b76507b
SHA1372820d6b9350ad629a489d49876d8bd422b8f31
SHA2567dc487e762e55ffa601480c4bc7948f85fcd4f025665ff599060ec1f81d7e986
SHA512cd69694ad3316c768dbe0d1514060870568c67a50785b38d402eb16e94740c5ae351eb6d47284630a2505fac50c9777bedef85608571c85385b1b9c1f12d73f5
-
Filesize
63KB
MD53dacf372b044e128fbf5025d5259fca7
SHA1dbc538db7f624e7c369ded814fe36e2cee0bf335
SHA25697b519a4b3612573fc0691b881d091c1591a0fea831ed85b44ec1bef79346133
SHA512b569b395a1d218b01803e83a6c79af8b5708f2b47daef0e02d80c825278c67f68609e47f3b12c86859e3d0b2ad76250cdaee97d1a555276f5cbb37c3da985bcd
-
Filesize
63KB
MD53dacf372b044e128fbf5025d5259fca7
SHA1dbc538db7f624e7c369ded814fe36e2cee0bf335
SHA25697b519a4b3612573fc0691b881d091c1591a0fea831ed85b44ec1bef79346133
SHA512b569b395a1d218b01803e83a6c79af8b5708f2b47daef0e02d80c825278c67f68609e47f3b12c86859e3d0b2ad76250cdaee97d1a555276f5cbb37c3da985bcd
-
Filesize
32KB
MD5669ffd1dd6fb7a0e4ddbc3ad3b76507b
SHA1372820d6b9350ad629a489d49876d8bd422b8f31
SHA2567dc487e762e55ffa601480c4bc7948f85fcd4f025665ff599060ec1f81d7e986
SHA512cd69694ad3316c768dbe0d1514060870568c67a50785b38d402eb16e94740c5ae351eb6d47284630a2505fac50c9777bedef85608571c85385b1b9c1f12d73f5
-
Filesize
32KB
MD5669ffd1dd6fb7a0e4ddbc3ad3b76507b
SHA1372820d6b9350ad629a489d49876d8bd422b8f31
SHA2567dc487e762e55ffa601480c4bc7948f85fcd4f025665ff599060ec1f81d7e986
SHA512cd69694ad3316c768dbe0d1514060870568c67a50785b38d402eb16e94740c5ae351eb6d47284630a2505fac50c9777bedef85608571c85385b1b9c1f12d73f5
-
Filesize
8KB