ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431

Analysis

max time kernel
31s
max time network
35s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
01/06/2023, 19:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431.exe
Size

5.2MB
MD5

af523b90777a1d65628e128c609bcb4c
SHA1

d485422c4ecd2ea398dad8efeb1275a55c3cff42
SHA256

ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431
SHA512

ecdda4979261ab4ebe0c59c41a20b0811d2c3e0b16907b41d9d86ef06c00b90ef08488f5e0d62dbdf4e75ea1bbd76917950c763dff3da50cd64481836d4bb21d
SSDEEP

98304:pKbSQygFqAduxRsPMCcdDSg4VG2+4Z15KO0+KGEAP2532CchxalMchUFq:pYRyfwM7SgKG2BZ2cO5kK4q

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
892	AssistanceSetup.exe
1952	AssistanceSetup.exe

Loads dropped DLL 2 IoCs

pid	Process
1048	ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431.exe
1048	ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431.exe
"C:\Users\Admin\AppData\Local\Temp\ae29f10cef69f899fa9479d27b8219d52b641007080a03aa2de42be11de75431.exe"
1⤵
- Loads dropped DLL
PID:1048
- C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:892
- C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe"
  2⤵
  - Executes dropped EXE
  PID:1952

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe

Filesize
528KB

MD5
094d7d09c9be904b261b64e8ac449f84

SHA1
41f7302453739cda5bd712b1bad0ed1e95b51387

SHA256
3acd5b8a57370445d232f4a9054cf6244449d4362e7b599ba61e0f37d7fd7b3c

SHA512
d3c3862ee954db9d19fc4cfb6e6604a8bb338bb7b184e0a43543ba09f993bc90af816a70e59f43e91b31091a64bd808941c770740326ef6395781febf9eb7644

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe

Filesize
528KB

MD5
094d7d09c9be904b261b64e8ac449f84

SHA1
41f7302453739cda5bd712b1bad0ed1e95b51387

SHA256
3acd5b8a57370445d232f4a9054cf6244449d4362e7b599ba61e0f37d7fd7b3c

SHA512
d3c3862ee954db9d19fc4cfb6e6604a8bb338bb7b184e0a43543ba09f993bc90af816a70e59f43e91b31091a64bd808941c770740326ef6395781febf9eb7644

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe

Filesize
528KB

MD5
094d7d09c9be904b261b64e8ac449f84

SHA1
41f7302453739cda5bd712b1bad0ed1e95b51387

SHA256
3acd5b8a57370445d232f4a9054cf6244449d4362e7b599ba61e0f37d7fd7b3c

SHA512
d3c3862ee954db9d19fc4cfb6e6604a8bb338bb7b184e0a43543ba09f993bc90af816a70e59f43e91b31091a64bd808941c770740326ef6395781febf9eb7644

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\DIY_NO.gif

Filesize
783B

MD5
e98f924536861008e2fd7b7069245b4d

SHA1
732696d347aacaceda6a9518c7ef15f533989c21

SHA256
a006c4db4d9d87215b947126b7073205d765692dc4f9544f307d079dd4f13806

SHA512
9a3759a28f2224632331865cb67b0f06d8a97d5ca497b5eb0ea061c57db2d7a5cfcd5c3a01be3c7e55a87d707a740c5be8c57e5bcb60bb462b1f81226e005cc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\NOW_PEOPLE_DOING_SUB.gif

Filesize
788B

MD5
7b379341dd7da1fe3f070544d5e8e84f

SHA1
257225565ac37794429fbe12f2ce216872f8aad7

SHA256
2b0e2170e4208c5276ce48ed6316f57d5bdfae014f33866ad0c4cbd36635c9cb

SHA512
54692fd98a4a187271ee32f0671caa0a73fd841f9b2e8e38bdd9f84be3156688f414534ebb8f61cc000c81cf57e80fa79cd0ee5a48d5ce318505ee0fc1d0ff17

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\NOW_PERSON_NO.gif

Filesize
565B

MD5
fd951659e363d5ef06e3c587afd0d67a

SHA1
67d1f23e1f58c0369c399d397cff590e314fe6bc

SHA256
16ff9bab2ec46f923a5fa1dca6e5ac9279f168fb27342eb1fbbac78fb677fc88

SHA512
db9f546c36e6392e7b179b2540853aa807db6e331bc51632053b0ffebe6881ba262ddf81dd3eb63c9b82314afa5b203f1549f2fd973adea90162cd3c3e1dddba

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\OCUPATIONLEVEL_STOP.gif

Filesize
709B

MD5
daca0f8eb7d492d5050c2f16f2f16bfd

SHA1
0dd0d801257c191576fb52c7c9353974dbd8c464

SHA256
41bbcf62514e55dc4e35ee7eaac11cb9cd234206a65b3114587137d451b7e0a3

SHA512
bff4442d909c5e9f35477274765f8edd18eaa13fd290cbf6038d8dde99044cc8816b5a5423c9f14f5e9a01b8bb6f79508c0b77451020285361efbede8fe66f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\OCUPATION_NO.gif

Filesize
761B

MD5
c961c4b213a629abf1e5d97225fe223d

SHA1
defd683201dba23adc8d8b2b5c3321a4b1e9e0e4

SHA256
0d4183cdf43bc34e8bbc5ee7cfb04886147c955da9508eb98531cb3595be8f21

SHA512
5b942617d05c07b0c320eadad8ba5e0a0c569986a1a77cc9ba225645e7e080d603d7035f937c0647416ff226d3fcabc4f199f8fe7b72501c8b7e3c250046d27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\PERSON_OUT_NO.gif

Filesize
563B

MD5
50cb54104e84324804dce7d9eb97b581

SHA1
6dea64d60ddcaad1d341e39abd77dfde92f0c2fc

SHA256
cf1264197bcbc3625a2001b323c515b4d94c416751d8a058b6ce039a47b2a28b

SHA512
7be4974f30ba9e43459ed4a6abcc0badc9ad574e6f8c3b3c73bc3a44dda22d09bb2f4142d913509e4f87426aaae3105d090ccf0a64813ffeaed1cb9fff24a78e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ufida\toHtml\toHtml\images\RELATIVE_NO.gif

Filesize
597B

MD5
9ff5bd081bfba61eea332faa275c46b9

SHA1
437e05231733c8b39c25e1661647f5645dc9a551

SHA256
dca2f009ceffa1790cc6f150a867a9fa369bf1192e346d0be86f831b4c17f3b1

SHA512
db53afaa42b551987dcc6078dc7e4ce70065200ec7450d6bdf8ba4b0a3aea0b5ef828e77791b5f5e5f5286e474de1abf6877cbe5d3505741a6d9fc09d8c5d3db

Download Submit
\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe

Filesize
528KB

MD5
094d7d09c9be904b261b64e8ac449f84

SHA1
41f7302453739cda5bd712b1bad0ed1e95b51387

SHA256
3acd5b8a57370445d232f4a9054cf6244449d4362e7b599ba61e0f37d7fd7b3c

SHA512
d3c3862ee954db9d19fc4cfb6e6604a8bb338bb7b184e0a43543ba09f993bc90af816a70e59f43e91b31091a64bd808941c770740326ef6395781febf9eb7644

Download Submit
\Users\Admin\AppData\Local\Temp\ufida\AssistanceSetup.exe

Filesize
528KB

MD5
094d7d09c9be904b261b64e8ac449f84

SHA1
41f7302453739cda5bd712b1bad0ed1e95b51387

SHA256
3acd5b8a57370445d232f4a9054cf6244449d4362e7b599ba61e0f37d7fd7b3c

SHA512
d3c3862ee954db9d19fc4cfb6e6604a8bb338bb7b184e0a43543ba09f993bc90af816a70e59f43e91b31091a64bd808941c770740326ef6395781febf9eb7644

Download Submit
memory/1048-468-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/1048-469-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download