36dcd2ee12fc585d12a83d2687546a3087b4b891bf7ad6deaee184b9eb2d5eb7

Analysis

max time kernel
17s
max time network
19s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
19/05/2023, 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

clipx-1.0.3.8-installer_CYph-n1.exe
Size

1.7MB
MD5

5e490e1188b03b411e941b88be7388e0
SHA1

9767343dcc68a8d2c591a648f452593c2cc1bd0f
SHA256

c484600d6a850d0e45cc5b17bb5cd9ed9b95245aa707f2c0001d107411e248de
SHA512

e29e0aefc31ee1e706301d5ba21772358644888b51643dc69457696beff0ae0da71905610a3a8aebdf1289fc98ecb74fc0d71baa06948a62216e2b434c4af12e
SSDEEP

24576:27FUDowAyrTVE3U5FmzVRKuPaJPfrT90eKc4cgFLNPfs8duMpmsDq:2BuZrEUgRKuwPH9RHgFLRdp/O

Score

4^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4144	clipx-1.0.3.8-installer_CYph-n1.tmp

Loads dropped DLL 2 IoCs

pid	Process
4144	clipx-1.0.3.8-installer_CYph-n1.tmp
4144	clipx-1.0.3.8-installer_CYph-n1.tmp

Script User-Agent 1 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	2	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4128 wrote to memory of 4144	4128	clipx-1.0.3.8-installer_CYph-n1.exe	66
PID 4128 wrote to memory of 4144	4128	clipx-1.0.3.8-installer_CYph-n1.exe	66
PID 4128 wrote to memory of 4144	4128	clipx-1.0.3.8-installer_CYph-n1.exe	66

C:\Users\Admin\AppData\Local\Temp\clipx-1.0.3.8-installer_CYph-n1.exe
"C:\Users\Admin\AppData\Local\Temp\clipx-1.0.3.8-installer_CYph-n1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4128
- C:\Users\Admin\AppData\Local\Temp\is-3P38H.tmp\clipx-1.0.3.8-installer_CYph-n1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-3P38H.tmp\clipx-1.0.3.8-installer_CYph-n1.tmp" /SL5="$7005A,875199,832512,C:\Users\Admin\AppData\Local\Temp\clipx-1.0.3.8-installer_CYph-n1.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4144

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-3P38H.tmp\clipx-1.0.3.8-installer_CYph-n1.tmp

Filesize
3.0MB

MD5
e6c28eb71e3839115f44acbe4ab73729

SHA1
31a66495aa276692f5391a282122d60cd1cbeca0

SHA256
fe883c092e139f2a83c19ad272096b5f16b3794da9d7b1e9401216aebf079399

SHA512
aca216c42ee01d38e2df45df49fe9e0e8ba9e3366b3d3111a064db145277e4fded5ffe9ad12a45be5734fa0cf5c7272f6e4955b70f05cd5b2227ecd875ce2663

Download Submit
\Users\Admin\AppData\Local\Temp\is-AVNKN.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
\Users\Admin\AppData\Local\Temp\is-AVNKN.tmp\botva2.dll

Filesize
37KB

MD5
67965a5957a61867d661f05ae1f4773e

SHA1
f14c0a4f154dc685bb7c65b2d804a02a0fb2360d

SHA256
450b9b0ba25bf068afbc2b23d252585a19e282939bf38326384ea9112dfd0105

SHA512
c6942818b9026dc5db2d62999d32cf99fe7289f79a28b8345af17acf9d13b2229a5e917a48ff1f6d59715bdbcb00c1625e0302abcfe10ca7e0475762e0a3f41b

Download Submit
memory/4128-120-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4128-129-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4128-141-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/4144-125-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4144-130-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download
memory/4144-131-0x0000000000800000-0x0000000000801000-memory.dmp

Filesize
4KB

Download
memory/4144-135-0x0000000006990000-0x000000000699F000-memory.dmp

Filesize
60KB

Download
memory/4144-139-0x0000000000400000-0x000000000071B000-memory.dmp

Filesize
3.1MB

Download