4aad98e53a58710498b10d3d17bc46e88bda400c8c01e1b4cabd79b06e266ad5

Analysis

max time kernel
37s
max time network
31s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17/05/2023, 15:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clip1.exe
Size

4.3MB
MD5

2ab25c204638969e15cd4116fd9c307b
SHA1

405683a1d4d870f2a2531fa15954c6a26d48ae7a
SHA256

4aad98e53a58710498b10d3d17bc46e88bda400c8c01e1b4cabd79b06e266ad5
SHA512

b7f7ff2569ea77aae91ef4cfe3800e390daf96915e897f2f2ad6db630942a1af10f36ecb74fd997eaa200a707b5b678a15126dfc7f3d594380c6523f5e9514d4
SSDEEP

49152:Q/gbtNX2YzEFkc5Hzy7yCFhVBA4Gz1K24SJEsPoWtgvKtaaIyiG:M703+oW6vKga

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1752	DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe

Loads dropped DLL 1 IoCs

pid	Process
1320	Clip1.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Windows\CurrentVersion\Run	Clip1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Windows\CurrentVersion\Run\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8 = "C:\\ProgramData\\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8\\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe"	Clip1.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1320 wrote to memory of 1752	1320	Clip1.exe	28
PID 1320 wrote to memory of 1752	1320	Clip1.exe	28
PID 1320 wrote to memory of 1752	1320	Clip1.exe	28

C:\Users\Admin\AppData\Local\Temp\Clip1.exe
"C:\Users\Admin\AppData\Local\Temp\Clip1.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1320
- C:\ProgramData\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe
  C:\ProgramData\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe
  2⤵
  - Executes dropped EXE
  PID:1752

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe

Filesize
508.9MB

MD5
9a70fa4086ea94b4f660d70517eef344

SHA1
01674eb53e654bbafb6b032ca57dba57adec0d26

SHA256
4845cad2a0d4fa6cb466848b2eacb9b3b1d429bd26a57abef745874bcd2c7187

SHA512
fb188085d279e25e029ce3a7c9186aba338f1023f5b031e024e4522d893ce8c3b968be52d55dc8df643a776bfcd63b3556d27767860723cd9e2944e146640fc0

Download Submit
\ProgramData\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8\DocumentsMozilla-1de4eec8-1241-4177-a864-e594e8d1fb38-ver2.9.1.8.exe

Filesize
440.3MB

MD5
a72a0ce15294c2b3bc6ea1a7733f500c

SHA1
99ef32b88732fcba4fff55b0fe2cdfc2520e1c57

SHA256
f09c6f49182eff4dbba56326b98bf6c87d40b1c12cd2373cd200d99cc6fedb15

SHA512
a2c5e61d51ed8a120733a00c177727402d98b2406a744b9c8ccd19a1c93c1a8eaee1840a6806b3e15c917424c00b8899df2a5af31ca300cae88151f3f9896af7

Download Submit