e2106d47a2096a19876c82582ab45d2893cfa1707941964ecfd31292c47e97de

Analysis

max time kernel
91s
max time network
108s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2023 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

file.exe
Size

1.5MB
MD5

522659b89396f61200c5f57555536e21
SHA1

4378f8df366e315f42acb5892f38b7bd060fbe44
SHA256

e2106d47a2096a19876c82582ab45d2893cfa1707941964ecfd31292c47e97de
SHA512

65907bdaf6acb7d73fccdf2d42bc003dac7a85c0fc20ce550200c8325aa0d54a79d4d27d302217f7d3b3ce5637cdcc6bde951d37ab3ef44094354a9cf5fb6c42
SSDEEP

24576:220Sx+34phhrcXb0Om1OBexncII5GSOkl1vLrp18OXrtgXC75ld1qSVpk:228Ohr6bNHeJ7fO1zlJdd1qapk

Score

8^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1572	file.tmp
1780	MitFiles138.exe

Loads dropped DLL 1 IoCs

pid	Process
1572	file.tmp

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 17 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Mit Files\is-CFU8P.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\is-JE9P4.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-ASFQ9.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-ALOSQ.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-TMGFJ.tmp	file.tmp
File opened for modification	C:\Program Files (x86)\Mit Files\unins000.dat	file.tmp
File created	C:\Program Files (x86)\Mit Files\unins000.dat	file.tmp
File created	C:\Program Files (x86)\Mit Files\is-8ULAB.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-3DV5M.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-FV5ME.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-HHSRK.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-G6OKI.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\is-8S1PK.tmp	file.tmp
File opened for modification	C:\Program Files (x86)\Mit Files\MitFiles138.exe	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-MR1NO.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\language\is-TTH2U.tmp	file.tmp
File created	C:\Program Files (x86)\Mit Files\is-07FD2.tmp	file.tmp

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1628 wrote to memory of 1572	1628	file.exe	80
PID 1628 wrote to memory of 1572	1628	file.exe	80
PID 1628 wrote to memory of 1572	1628	file.exe	80
PID 1572 wrote to memory of 1780	1572	file.tmp	81
PID 1572 wrote to memory of 1780	1572	file.tmp	81
PID 1572 wrote to memory of 1780	1572	file.tmp	81

C:\Users\Admin\AppData\Local\Temp\file.exe
"C:\Users\Admin\AppData\Local\Temp\file.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1628
- C:\Users\Admin\AppData\Local\Temp\is-5U8N9.tmp\file.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-5U8N9.tmp\file.tmp" /SL5="$801C0,1327879,483328,C:\Users\Admin\AppData\Local\Temp\file.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:1572
- - C:\Program Files (x86)\Mit Files\MitFiles138.exe
    "C:\Program Files (x86)\Mit Files\MitFiles138.exe"
    3⤵
    - Executes dropped EXE
    PID:1780

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Mit Files\MitFiles138.exe

Filesize
1.8MB

MD5
05817b5db5ae845453fadc13669bc85f

SHA1
c87251e8050737d864bb6b0f9b5d6c69ab31edcf

SHA256
10f7e72b608d4f43300aea8b537a36fff27e9c3e6983dba64d9e0555bc6d49d4

SHA512
956e69d4d485285d13beb7681bf16951ec4a276e874ae7eacf108d58e4fd88d756f6b23dde91d4f8a2361228911b371d9771f560c414379d81af14deb8c60455

Download Submit
C:\Program Files (x86)\Mit Files\MitFiles138.exe

Filesize
1.8MB

MD5
05817b5db5ae845453fadc13669bc85f

SHA1
c87251e8050737d864bb6b0f9b5d6c69ab31edcf

SHA256
10f7e72b608d4f43300aea8b537a36fff27e9c3e6983dba64d9e0555bc6d49d4

SHA512
956e69d4d485285d13beb7681bf16951ec4a276e874ae7eacf108d58e4fd88d756f6b23dde91d4f8a2361228911b371d9771f560c414379d81af14deb8c60455

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5U8N9.tmp\file.tmp

Filesize
695KB

MD5
415533bb40980951c966665cff9e2fe7

SHA1
fce396c8fa01876dd008f22c8be9a9b706f4aaec

SHA256
f688364bb17f03e53de641e7a0b0efefe30ac155fa9fa414a2150204ed9d3734

SHA512
3a8f88fa83e9f8be96fc9a0e8b47536455f50b1c511210d98fa178444b1e5ad1943cc3000e869f6dba4c782b48a3538d0b52d5e29ce3a692636aefc0e52083ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-5U8N9.tmp\file.tmp

Filesize
695KB

MD5
415533bb40980951c966665cff9e2fe7

SHA1
fce396c8fa01876dd008f22c8be9a9b706f4aaec

SHA256
f688364bb17f03e53de641e7a0b0efefe30ac155fa9fa414a2150204ed9d3734

SHA512
3a8f88fa83e9f8be96fc9a0e8b47536455f50b1c511210d98fa178444b1e5ad1943cc3000e869f6dba4c782b48a3538d0b52d5e29ce3a692636aefc0e52083ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-DQLPB.tmp\_isetup\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/1628-132-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/1628-138-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/1628-143-0x0000000000400000-0x000000000047D000-memory.dmp

Filesize
500KB

Download
memory/1780-142-0x0000000000400000-0x00000000013C2000-memory.dmp

Filesize
15.8MB

Download