b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b

Analysis

max time kernel
164s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
18/05/2023, 13:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe
Size

4.8MB
MD5

93a608c7a55447b6827e56d53a7b6fea
SHA1

78740b5a68542019a90f7c9be78121d5b92a0d3b
SHA256

b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b
SHA512

f749cd36ee75cad310f4f921b5c8e59d4c6c3ce8673f7ab66d20ff9e7a4b2f8736d9c541b27dc17ea4a84b1c9948b4813a8ba57bdde8f77107edb150ec4ecaea
SSDEEP

49152:RA/n/LwTVwv9iGLsenhpUVoygcYM9cJah4GR1fwJtNMRIuk+qnGgvB/dV4Z:cZaDj3wJtNMkG4T

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
588	DesktopFavorites-ver3.5.9.9.exe

Loads dropped DLL 1 IoCs

pid	Process
928	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\DesktopFavorites-ver3.5.9.9 = "C:\\ProgramData\\DesktopFavorites-ver3.5.9.9\\DesktopFavorites-ver3.5.9.9.exe"	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 928 wrote to memory of 588	928	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe	28
PID 928 wrote to memory of 588	928	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe	28
PID 928 wrote to memory of 588	928	b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe	28

C:\Users\Admin\AppData\Local\Temp\b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe
"C:\Users\Admin\AppData\Local\Temp\b8b1922c587d55cd3bdcbda9c5b6b0ace495d14effe54806e10e4b3963af9f2b.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:928
- C:\ProgramData\DesktopFavorites-ver3.5.9.9\DesktopFavorites-ver3.5.9.9.exe
  C:\ProgramData\DesktopFavorites-ver3.5.9.9\DesktopFavorites-ver3.5.9.9.exe
  2⤵
  - Executes dropped EXE
  PID:588

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\DesktopFavorites-ver3.5.9.9\DesktopFavorites-ver3.5.9.9.exe

Filesize
286.0MB

MD5
a2e1668af909f25719586ebdd964a4df

SHA1
ada4559cfd5c9bf560c1ad12aba2f27cf5e787b5

SHA256
21160d1833bd4faf27d305afb861859bc01966342360a0862e1a9b3d35663e54

SHA512
b261b3d2edbb6e406ba3dd5abff7944a19ba7aa2ab92aab45a3a4ecf8da508d67c989b06c021d8e3d6372562ea316fb4782a07eaf69eec128bf25a0d31c2254c

Download Submit
\ProgramData\DesktopFavorites-ver3.5.9.9\DesktopFavorites-ver3.5.9.9.exe

Filesize
285.8MB

MD5
345795338dca6bf45275be06ed460eeb

SHA1
0fa8f1ee574b1defe7645db2a6acef06a8c861f6

SHA256
06b129df4c7623dd708dee8415c06528e50be30d877c8acc15a86371a0653942

SHA512
e181370ca83a9a43654a59d1316ae0cb264e2bfe50c1ad376ce188799d13612abe9d860b7443676cc01066b389f66e7635d73cef29a48c5db450cc9c94f891f0

Download Submit