Analysis

  • max time kernel
    117s
  • max time network
    131s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20230220-en locale:en-us os:windows10-2004-x64 system
  • submitted
    17-05-2023 11:24

General

  • Target

    Clip1.exe

  • Size

    4.3MB

  • MD5

    2ab25c204638969e15cd4116fd9c307b

  • SHA1

    405683a1d4d870f2a2531fa15954c6a26d48ae7a

  • SHA256

    4aad98e53a58710498b10d3d17bc46e88bda400c8c01e1b4cabd79b06e266ad5

  • SHA512

    b7f7ff2569ea77aae91ef4cfe3800e390daf96915e897f2f2ad6db630942a1af10f36ecb74fd997eaa200a707b5b678a15126dfc7f3d594380c6523f5e9514d4

  • SSDEEP

    49152:Q/gbtNX2YzEFkc5Hzy7yCFhVBA4Gz1K24SJEsPoWtgvKtaaIyiG:M703+oW6vKga

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (1 IoCs)
  • Adds Run key to start application (2 TTPs, 2 IoCs)
  • Suspicious use of WriteProcessMemory (2 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Clip1.exe
    "C:\Users\Admin\AppData\Local\Temp\Clip1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:3440
    • C:\ProgramData\USOSharedssh-ver1.2.4.4\USOSharedssh-ver1.2.4.4.exe
      C:\ProgramData\USOSharedssh-ver1.2.4.4\USOSharedssh-ver1.2.4.4.exe
      2⤵
      • Executes dropped EXE
      PID:4256

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\ProgramData\USOSharedssh-ver1.2.4.4\USOSharedssh-ver1.2.4.4.exe

    Filesize

    754.3MB

    MD5

    8389809457d173e7ec742ed1fa21e2ff

    SHA1

    dea3ff87d17ca517d1e9eb7266f4f136f92c6359

    SHA256

    d76a7184b9cbc52d8b4d07b1f58b28a7540ed9577bc4a58e9ab7022ce3103385

    SHA512

    01454243d7b3385bd1990b3d31f013fc62a1b6b1690beeeb344fb6d028bbea2bb290e0ccf68e4480562e48912d661cb356b40a7bcbfef78d45984a16ca6fdea8