c24c4d805947b473c5f9abf3fa3b2168b1aaf8b282d612d004fd60774da49193

Resubmissions

29/05/2023, 21:43

230529-1kzk2aea7x 6

29/05/2023, 21:40

230529-1h82paea7s 1

Analysis

max time kernel
1801s
max time network
1805s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
29/05/2023, 21:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SDIO_R753.exe
Size

4.6MB
MD5

cfeda33e8f043fba19fda4400869f066
SHA1

86b23205512a4c42726dc7afb90e5591b199fc54
SHA256

98c4a1b258f598a9193010c08dbb25840ba33083084b69665d29a9491b9dbfc7
SHA512

a53e59e8da6042427f7ede9e350d7966ccf8cb8fd7b20767a96f70997eb31d9e3f59c3d96a13ed921089da56fe04c39b84dc5612fe65ffdfebfe5b14634544e2
SSDEEP

98304:pcjmdvtXjj+CFQ9HAgE8DzXrd5b5E2AwsQrpG/+A1rx5XLyHFo84s:pcjsFXX+CG9fE83XrhE2RsQrHSrXLyHl

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	1040	SDIO_R753.exe

Suspicious use of FindShellTrayWindow 6 IoCs

pid	Process
1040	SDIO_R753.exe
1040	SDIO_R753.exe
1040	SDIO_R753.exe
1040	SDIO_R753.exe
1040	SDIO_R753.exe
1040	SDIO_R753.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1040 wrote to memory of 1344	1040	SDIO_R753.exe	30
PID 1040 wrote to memory of 1344	1040	SDIO_R753.exe	30
PID 1040 wrote to memory of 1344	1040	SDIO_R753.exe	30
PID 1040 wrote to memory of 1344	1040	SDIO_R753.exe	30
PID 1040 wrote to memory of 1912	1040	SDIO_R753.exe	32
PID 1040 wrote to memory of 1912	1040	SDIO_R753.exe	32
PID 1040 wrote to memory of 1912	1040	SDIO_R753.exe	32
PID 1040 wrote to memory of 1912	1040	SDIO_R753.exe	32
PID 1040 wrote to memory of 1776	1040	SDIO_R753.exe	34
PID 1040 wrote to memory of 1776	1040	SDIO_R753.exe	34
PID 1040 wrote to memory of 1776	1040	SDIO_R753.exe	34
PID 1040 wrote to memory of 1776	1040	SDIO_R753.exe	34

C:\Users\Admin\AppData\Local\Temp\SDIO_R753.exe
"C:\Users\Admin\AppData\Local\Temp\SDIO_R753.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1040
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\SDIO"
  2⤵
  PID:1344
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\SDIO"
  2⤵
  PID:1912
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c rd /s /q "C:\Users\Admin\AppData\Local\Temp\SDIO"
  2⤵
  PID:1776

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1040-56-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-57-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-58-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-59-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-60-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-64-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-66-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-67-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-68-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-69-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-70-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-71-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-72-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-73-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-74-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-75-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-76-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-77-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-78-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-79-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-80-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-81-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-82-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-83-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-84-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-85-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-86-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-87-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-88-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-89-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-90-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-91-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-92-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-93-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-94-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-95-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-96-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-97-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-98-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-99-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-100-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-101-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-102-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-103-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-104-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-105-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-106-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-107-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-108-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-109-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-110-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-111-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-112-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-113-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-114-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-115-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-116-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-117-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-118-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-119-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-120-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-121-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-122-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download
memory/1040-123-0x0000000000400000-0x00000000008D4000-memory.dmp

Filesize
4.8MB

Download