b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d

Analysis

max time kernel
200s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 15:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
Size

313KB
MD5

019167fa7c41d93f8700fd71d2023c72
SHA1

e16501a08bb2c817b31063f55ead8ea5e797aebc
SHA256

b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d
SHA512

013e7e95aed5e2a0f63df48f3be112e0436a4acf07046ce5a4c02da90c0b70d31bb278469f58eab5589532106b476b5f36d57f22290e2d61fe25b18359a6ef5a
SSDEEP

6144:vrVX9uEo2S1YnQmCX492DkwNP3qpYFpKaD+RHQLpQA8nWfegzLPRiqzvsIBueKah:vrVtu6/eIo4eaSLpX6ReLPQqdBueKah

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
1332	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
1332	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
1332	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Disk\Enum	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
Key value enumerated	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1332	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
1332	b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe

C:\Users\Admin\AppData\Local\Temp\b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe
"C:\Users\Admin\AppData\Local\Temp\b91a0cc35ecdc95a15f3c7f11c9f021508721733f9c6efac02e96ab64a7ee07d.exe"
1⤵
- Loads dropped DLL
- Maps connected drives based on registry
- Suspicious behavior: EnumeratesProcesses
PID:1332

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Tsu5FECEC79.dll

Filesize
269KB

MD5
af7ce801c8471c5cd19b366333c153c4

SHA1
4267749d020a362edbd25434ad65f98b073581f1

SHA256
cf7e00ba429bc9f27ccfacc49ae367054f40ada6cede9f513cc29a24e88bf49e

SHA512
88655bd940e9b540c4df551fe68135793eceed03f94389b0654637a18b252bf4d3ef73b0c49548b5fa6ba2cf6d9aff79335c4ebcc0b668e008bcc62c40d2a73c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ED2782C5-411F-4B3E-A9D5-093D36C4A033}\Custom.dll

Filesize
73KB

MD5
6aa25ff36323131e638e1d57afe646aa

SHA1
4da3d2343c07c0d5652b255af3f50521b13d5ff1

SHA256
46341d5f415b96337c561a908b0ab47280325b96d3f86ed323681674ee94cdd7

SHA512
5acadfde0b4818d4fccad8b8c4f97bf249d2f08bf567970a93ad53851b9358607140238fb630bf0d3aee7207efea0a78ee6765f9a140dd432f43eccf50a18161

Download Submit
C:\Users\Admin\AppData\Local\Temp\{ED2782C5-411F-4B3E-A9D5-093D36C4A033}\_Setup.dll

Filesize
169KB

MD5
75893407abdefeba912ca7f36b1715a0

SHA1
a54ec3353f11f69d8b3d0c204e05989e15cd653d

SHA256
4973c6ef4a67be8b76443b5238102e1aba1e811183865cd645b0f849e971d163

SHA512
df1cca69ebe46c4deba4fea5f31a50558148ceda3af2af663ff5b29d93739b630efed1a46dc008fb4c594f48c0b5ea7af68ed1a8612601c1b79ccab33610eaef

Download Submit