f064e8f5b259eb2a4021e91be062580417ec5cac568f3542dcc67dd93b39f0df

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2023, 12:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

windowsdesktop-runtime-6.0.14-win-x64.exe
Size

54.7MB
MD5

44ee5a4f2be46250c18921ce1059de32
SHA1

c145fa89888b1afbb53d008baff83c2cdd54a728
SHA256

b3373b3c382534c5873d05961d40998f99819e6153437824e71453aeeed28fd6
SHA512

5281e817571afa6c5d848ed9a3fec4cb568ad8c05633cbd97e65e52f4a929d9947c390b9b3a72da6464c89450576d318b253d190776bd357327fc27031c7acdf
SSDEEP

1572864:ddWx07MwbxHJpczuTm2ydezFSj7IzR3IFkShgILrMb:vWG7hHJp62XpSYR3IFkSOnb

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1172	windowsdesktop-runtime-6.0.14-win-x64.exe

Loads dropped DLL 1 IoCs

pid	Process
1172	windowsdesktop-runtime-6.0.14-win-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4920 wrote to memory of 1172	4920	windowsdesktop-runtime-6.0.14-win-x64.exe	84
PID 4920 wrote to memory of 1172	4920	windowsdesktop-runtime-6.0.14-win-x64.exe	84
PID 4920 wrote to memory of 1172	4920	windowsdesktop-runtime-6.0.14-win-x64.exe	84

C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.14-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.14-win-x64.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4920
- C:\Windows\Temp\{842FFBC9-45A2-418A-B565-2F7F81F3282D}\.cr\windowsdesktop-runtime-6.0.14-win-x64.exe
  "C:\Windows\Temp\{842FFBC9-45A2-418A-B565-2F7F81F3282D}\.cr\windowsdesktop-runtime-6.0.14-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.14-win-x64.exe" -burn.filehandle.attached=536 -burn.filehandle.self=532
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1172

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{068B2C0E-22F3-44C3-A7FA-EA36C9E13B31}\.ba\bg.png

Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
C:\Windows\Temp\{068B2C0E-22F3-44C3-A7FA-EA36C9E13B31}\.ba\wixstdba.dll

Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
C:\Windows\Temp\{842FFBC9-45A2-418A-B565-2F7F81F3282D}\.cr\windowsdesktop-runtime-6.0.14-win-x64.exe

Filesize
610KB

MD5
a828a63d1758d53231e8fee1ff70561f

SHA1
fb1c93162d5187a354a681bdf81f9696a29d6df9

SHA256
42e4024f2dd0b46b16e127419ff697f4278c9a48160a516e44a03de7562d3b09

SHA512
1b866e71148fd909fca3e144eec113761b23a5eaa8912f16b65a2112f9612631e41283d961dbc7648e5391d26c06f11dda96799e8548ae3f23d5c90a43da8c44

Download Submit
C:\Windows\Temp\{842FFBC9-45A2-418A-B565-2F7F81F3282D}\.cr\windowsdesktop-runtime-6.0.14-win-x64.exe

Filesize
610KB

MD5
a828a63d1758d53231e8fee1ff70561f

SHA1
fb1c93162d5187a354a681bdf81f9696a29d6df9

SHA256
42e4024f2dd0b46b16e127419ff697f4278c9a48160a516e44a03de7562d3b09

SHA512
1b866e71148fd909fca3e144eec113761b23a5eaa8912f16b65a2112f9612631e41283d961dbc7648e5391d26c06f11dda96799e8548ae3f23d5c90a43da8c44

Download Submit