Resubmissions

23/04/2023, 01:18

230423-bnzmrshh85 7

23/04/2023, 01:12

230423-bks1tahh62 7

23/04/2023, 01:06

230423-bglsbshh49 7

23/04/2023, 00:56

230423-bawnyshh24 7

Analysis

  • max time kernel
    142s
  • max time network
    59s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-es
  • resource tags
    arch:x64, arch:x86, image:win10-20230220-es, locale:es-es, os:windows10-1703-x64, system, windows
  • submitted
    23/04/2023, 01:06

General

  • Target

    sp44429.exe

  • Size

    158.0MB

  • MD5

    436b4c59b33ecf96d2db0cf9a85b1d25

  • SHA1

    6d7933eba9d282ea191fad9a3adfe46ded14d500

  • SHA256

    31ec10a981ec04a51c7b63b04213f950301e63f13fb7e380008c71484ee27472

  • SHA512

    5959c03de8818a16528403211d89b44e68a6f483d16f2303be4dde51a9c4e154d18e25de72a997d30d1c65c652db82b912344c9c54c02d00b27c91ce41876f0a

  • SSDEEP

    3145728:lLq7dC1dMBx9KiZvtaaasv6L+DFgzaTgb9Ay3A5PJLyM:lOudK+3aak6L+ZpTGG3T

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\sp44429.exe
    "C:\Users\Admin\AppData\Local\Temp\sp44429.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1264
    • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\install.exe
      "C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\install.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      PID:4728
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Drops file in Windows directory
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3268

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\WBDIB44I.DLL

    Filesize

    1.1MB

    MD5

    13a9a355587a2d5c92a954a09e05730a

    SHA1

    9a376ef91ef43a206c7ff0126a712df7c058cf22

    SHA256

    8e4c71e6c48be26373c0443366bae87c13b6cabb8367e0102fcaac8da4430ba9

    SHA512

    d23c6da056561d1d8c2be19aa1d2af0a9df5ae85dd9de29cf49d00b605033150f1f1dcb4074445d18143db1cda2b5cc9633a9c60289aa1f78ef5c4036db27578

  • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\cPC_DMIRD.dll

    Filesize

    248KB

    MD5

    1b14b9b4324dd25841e18825546519a3

    SHA1

    7e69b4eaec1dfaeb3da63056325547d23dda492c

    SHA256

    cc1832c2426a5749af4bb61ad46448c75f07c538828d7685b75690f872e51bb4

    SHA512

    72b88be3a41fedfea2b01da8108055b63915320f192aacd819f3b1be59ea08b82ad05a40814b30c6460cc1c1a6a3a1d8b729e13bae172c9d2746330def23518b

  • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\install.exe

    Filesize

    1.3MB

    MD5

    5f0236b3538d6cd4b6591101993d619c

    SHA1

    41b86d4cc4973a94a1415db6606bd1c9517979dc

    SHA256

    3dc4c100f36d82f967bcb5f53ebe2b66f5af1619c11ecba35f40ea8b8ad5e2c8

    SHA512

    db0c9222789d81e0c848d13c94f0ac9ff8b884562c84d95299b2237eedf1741317a2247e17c0037a0409bfa1b73ae08afae18701f4cad8ee96a5b754f3fc453d

  • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\pftw1.pkg

    Filesize

    157.7MB

    MD5

    3e53f701f1753ea2e5f49bf3bff350ca

    SHA1

    f58e5946c117500af3308694af45b180dffcb317

    SHA256

    9cc7d0dc991872102475c7c5fab4fae05b967f9933477d1a586dd61ea1153a24

    SHA512

    52cf1a9492b0a70b26e8e7691aa90a05f716b23d578ae3983ab1121ac19bd2f725e4e8315b3ddc1712232ec9710309d3ed5afb1666f7383a295b104f43a174d2

  • C:\Users\Admin\AppData\Local\Temp\pft4441.tmp\sp44429.rtf

    Filesize

    1KB

    MD5

    32bd7fa0f3db1fbb8899b05a2e3e4ec6

    SHA1

    6abad744176ff138d3a009dae9f866cc240a6c6d

    SHA256

    243e4c85622590a8ef9cb19765670e8908b9e0daf917e9670c7cd7beec1a6f50

    SHA512

    fc7f787f20344922f9348adb8159b5ebd4072aff64befcfc4c673571bca5398125c43323a30de73baf34106ce0f5745d461b377edd4ce78781a3b0988aee0bd0

  • C:\Users\Admin\AppData\Local\Temp\plfC923.tmp

    Filesize

    5KB

    MD5

    cfaec980a3639a6b33704c0db20cb812

    SHA1

    e9402b1deb9293d51ea7a45ff5aea0f5bff1ea8f

    SHA256

    55023b00e2c2401272d0ad7b4b633814869483b6d939c5d4910e4ff18eeeee6c

    SHA512

    72bb65180098c195ea74c7dacf24500d98bbd872149e4247bdc98b3a12fabd2fd6846a61b7d30e610748d49348c347a1cec5939276e3a0b30703aeeb591017b2

  • \Users\Admin\AppData\Local\Temp\pft4441.tmp\WBDIB44I.DLL

    Filesize

    1.1MB

    MD5

    13a9a355587a2d5c92a954a09e05730a

    SHA1

    9a376ef91ef43a206c7ff0126a712df7c058cf22

    SHA256

    8e4c71e6c48be26373c0443366bae87c13b6cabb8367e0102fcaac8da4430ba9

    SHA512

    d23c6da056561d1d8c2be19aa1d2af0a9df5ae85dd9de29cf49d00b605033150f1f1dcb4074445d18143db1cda2b5cc9633a9c60289aa1f78ef5c4036db27578