Overview

overview

7

Static

static

3

winprofile

windows7-x64

7

winprofile

windows10-1703-x64

7

Analysis

  • max time kernel
    53s
  • max time network
    180s
  • platform
    windows10-1703_x64
  • resource
    win10-20230220-en
  • resource tags

    arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
  • submitted
    26/05/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    141bdfe686b1456ad7a1a70de12d3feabede959d89940aabf14abbbced2d92d1.exe

  • Size

    7.0MB

  • MD5

    825d29670caef75e83a1ccb8c85dfe76

  • SHA1

    78683a2a216dc0e7bdac5474c6ce8cd26957345d

  • SHA256

    141bdfe686b1456ad7a1a70de12d3feabede959d89940aabf14abbbced2d92d1

  • SHA512

    ca36522e4e38d210f7b6f3030851b0796ccad98fda6ddcc39643954dd1083265595f96c51a9d1492a66d1c7075fdac21078332fa04abb9600e54b3eadd9e78ce

  • SSDEEP

    98304:oitgjqtm5guWBVcoIGPszclLPDLtmWy2UGpp7NSrvxCBPdNpawP9zRJpx:El5zqPImsQlLLLjUr4PTtJRJp

Score
7/10
discoverypersistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\141bdfe686b1456ad7a1a70de12d3feabede959d89940aabf14abbbced2d92d1.exe
    "C:\Users\Admin\AppData\Local\Temp\141bdfe686b1456ad7a1a70de12d3feabede959d89940aabf14abbbced2d92d1.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:4108
    • C:\ProgramData\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3.exe
      C:\ProgramData\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3.exe
      2⤵
      • Executes dropped EXE
      PID:2132

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3.exe
    Filesize

    757.0MB

    MD5

    8ed1e8a5c0295673f751af1bc239390e

    SHA1

    64d8928c0678f7f2b5af8973a0968ea6ccf7f191

    SHA256

    ad34dfd29ef8359bc203e8f8739ecc318da11da9322cc026ef20f9ac694a2b09

    SHA512

    2be1ec49d170a36c1751c8f1f97840d23567e5adc0b459f43f499a569bc3268f4ef7811f68450318fa805733ffc905180cccc4e1ab468eadebb1a429734fd312

    Download Submit

  • C:\ProgramData\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3\regid.1991-06.com.microsoftSoftwareDistribution-4P1B5.3.6.3.exe
    Filesize

    757.0MB

    MD5

    8ed1e8a5c0295673f751af1bc239390e

    SHA1

    64d8928c0678f7f2b5af8973a0968ea6ccf7f191

    SHA256

    ad34dfd29ef8359bc203e8f8739ecc318da11da9322cc026ef20f9ac694a2b09

    SHA512

    2be1ec49d170a36c1751c8f1f97840d23567e5adc0b459f43f499a569bc3268f4ef7811f68450318fa805733ffc905180cccc4e1ab468eadebb1a429734fd312

    Download Submit

  • memory/2132-124-0x00007FF7D8E20000-0x00007FF7D951B000-memory.dmp

    Filesize

    7.0MB

    Download

  • memory/4108-119-0x00007FF780EE0000-0x00007FF7815DB000-memory.dmp

    Filesize

    7.0MB

    Download