de2f59e5c08580f15b912164f9781109354056446a4e792607dee75dbde462cf

Analysis

max time kernel
139s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-05-2023 17:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clp1.exe
Size

4.7MB
MD5

39c01a72dbe7ef1d7397f66c9c79d39b
SHA1

4b5d58ba9bb3ee3c647c369ee64d0dd6e11253d7
SHA256

de2f59e5c08580f15b912164f9781109354056446a4e792607dee75dbde462cf
SHA512

c8996668e26460572b8759c30f32d978dc2e8fa52b5451888ce89fa676fc10cbddd21772640b902a2d29cbd97b7c95afe9e1d4624bb0d15d9d6f3329f2f1fc89
SSDEEP

49152:ysa+On6R+U8yL640GOvB6jph1gW8pmaFAkanv+6kGjuJWOe/:7qitkfY0W9

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2236	USOSharedTemplates-ver9.4.1.8.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Software\Microsoft\Windows\CurrentVersion\Run	clp1.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\USOSharedTemplates-ver9.4.1.8 = "C:\\ProgramData\\USOSharedTemplates-ver9.4.1.8\\USOSharedTemplates-ver9.4.1.8.exe"	clp1.exe

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 2236	2232	clp1.exe	83
PID 2232 wrote to memory of 2236	2232	clp1.exe	83

C:\Users\Admin\AppData\Local\Temp\clp1.exe
"C:\Users\Admin\AppData\Local\Temp\clp1.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2232
- C:\ProgramData\USOSharedTemplates-ver9.4.1.8\USOSharedTemplates-ver9.4.1.8.exe
  C:\ProgramData\USOSharedTemplates-ver9.4.1.8\USOSharedTemplates-ver9.4.1.8.exe
  2⤵
  - Executes dropped EXE
  PID:2236

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\USOSharedTemplates-ver9.4.1.8\USOSharedTemplates-ver9.4.1.8.exe

Filesize
365.4MB

MD5
07e9509b2c43a639d89baefd255d341b

SHA1
8d3d028b435306cf4c9b74796bcbba012fc06304

SHA256
06c4a4db9f40311c468841595700a4f090aa6ec10b525a49a514a338e6d7b48d

SHA512
4390e2af538f4dfd1da1354e7497cbef95d2931e36eb4f3fd4afa387dd2a79dea846a9673c25591af189c6ec841a8b71642f7f8f0afa95d0e7c1d1bdce246fd3

Download Submit
C:\ProgramData\USOSharedTemplates-ver9.4.1.8\USOSharedTemplates-ver9.4.1.8.exe

Filesize
365.2MB

MD5
20616e31f8c943bfc5f47ba94d8b3136

SHA1
2c0c02c7d07d78cdcd13e6a43849a9f380a83a04

SHA256
d23e6afcb340800152011315ea3c4687630b1b659aee92248a5f2a63581248dd

SHA512
2b3b519c83c621fab10cdf3d31e5d03331b83fc28840615947006e99d18dbb2d74b22063e7f385d8fd0f4865d1613d27f7f3c69e39998529c5458892042f7523

Download Submit