89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d

Analysis

max time kernel
144s
max time network
147s
platform
windows10-1703_x64
resource
win10-20220812-en
resource tags

arch:x64arch:x86image:win10-20220812-enlocale:en-usos:windows10-1703-x64system
submitted
12/02/2023, 22:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe
Size

277KB
MD5

cae3f56f14bca6f1ba6ce2ff9a4a60c6
SHA1

3eb77f5eaf13b51ddb32c49c2e28044ca3305cd7
SHA256

89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d
SHA512

c1c723937ff4b62a476733c2617c80990c90d3e861b4753e224202b8c59fae98f5dc59cbcb1ed6a4049b03360c696d99b0bc1483c3d5e34b7cd4722480c3494c
SSDEEP

3072:MNXEGZJWhfNFC4S60+XoLczrVmXMI3gosItFjCf5LYbetfx1oigDseH01ne4PKiP:6XzKdNY49u8rVV40Ffx1oiq01netM

Score

7^/10

upx

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
4880	ITS SB App Switch.exe
4932	ITS SB App Switch.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3808-124-0x0000000001130000-0x00000000011D0000-memory.dmp	upx
behavioral1/memory/3808-220-0x0000000001130000-0x00000000011D0000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe
3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe
3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe
3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 4880	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	66
PID 3808 wrote to memory of 4880	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	66
PID 3808 wrote to memory of 4880	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	66
PID 3808 wrote to memory of 4932	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	67
PID 3808 wrote to memory of 4932	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	67
PID 3808 wrote to memory of 4932	3808	89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe	67

C:\Users\Admin\AppData\Local\Temp\89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe
"C:\Users\Admin\AppData\Local\Temp\89472ad7a49bb1f1614adfeed00d4df17524119ca4325c6f478815c5848a167d.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe
  "C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe"
  2⤵
  - Executes dropped EXE
  PID:4880
- C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe
  "C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe"
  2⤵
  - Executes dropped EXE
  PID:4932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe

Filesize
87KB

MD5
368332fca74f48697d842c5f4698ae1d

SHA1
0275153a1e62bd0eca0b02168895517ed66aac56

SHA256
3a4a5b128c3a042010824fd33b719466b0d9320aa051ca3d5f1690124766ad59

SHA512
fd9f1d1a4337e00fef5e9ea10a7fdf553e98df2cf2fdf818b68689a89de3c1d324de389e0c9ef863fef08a3dff8150db173b2203e9e92efaea67865e8d2805b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ITS\wincsecb\264\Production\ITS SB App Switch.exe

Filesize
87KB

MD5
368332fca74f48697d842c5f4698ae1d

SHA1
0275153a1e62bd0eca0b02168895517ed66aac56

SHA256
3a4a5b128c3a042010824fd33b719466b0d9320aa051ca3d5f1690124766ad59

SHA512
fd9f1d1a4337e00fef5e9ea10a7fdf553e98df2cf2fdf818b68689a89de3c1d324de389e0c9ef863fef08a3dff8150db173b2203e9e92efaea67865e8d2805b5

Download Submit
memory/3808-153-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-156-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-123-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-124-0x0000000001130000-0x00000000011D0000-memory.dmp

Filesize
640KB

Download
memory/3808-121-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-126-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-127-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-128-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-129-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-130-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-131-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-132-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-133-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-134-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-135-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-136-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-137-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-138-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-139-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-140-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-141-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-142-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-143-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-144-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-145-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-146-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-148-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-147-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-149-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-150-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-151-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-152-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-125-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-122-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-220-0x0000000001130000-0x00000000011D0000-memory.dmp

Filesize
640KB

Download
memory/3808-154-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-157-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-158-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-159-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-160-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-161-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-162-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-171-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-174-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-120-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-182-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-186-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-185-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-155-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/3808-177-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4880-165-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-183-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-175-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-179-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-180-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-181-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-172-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-170-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-178-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-187-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-168-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-188-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-176-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-169-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-173-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download
memory/4932-184-0x0000000077600000-0x000000007778E000-memory.dmp

Filesize
1.6MB

Download