Analysis

  • max time kernel
    84s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    09/06/2023, 19:36

General

  • Target

    8dd776527dffd631e8aea18ee4514f66afbae3371ab07cfc68df3e162c182d3a.exe

  • Size

    3.6MB

  • MD5

    dc63b110ac821fdc82aa0d677eddc6ce

  • SHA1

    cfa3c89099d3aca68ac3a74faea5026313567507

  • SHA256

    8dd776527dffd631e8aea18ee4514f66afbae3371ab07cfc68df3e162c182d3a

  • SHA512

    83476dbecb33611e2575abca346afee94486d849c659dcb94f5d65fc536a1d3f28a33fc0ce5ba037c77b19559fe7f3413df13ef208e532f8c60c5bc99fb04f42

  • SSDEEP

    49152:Xm3yI4nAzyuSwIbFLOAkGy3zdnErPSCTomFDS+BHEuSlVnPgIQ6TUZl:QKIWFLOAkGkzdnEVomFHKnPRTql

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8dd776527dffd631e8aea18ee4514f66afbae3371ab07cfc68df3e162c182d3a.exe
    "C:\Users\Admin\AppData\Local\Temp\8dd776527dffd631e8aea18ee4514f66afbae3371ab07cfc68df3e162c182d3a.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3908
    • C:\recovery\ClientDaemon.exe
      C:\recovery\ClientDaemon.exe
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4812
      • C:\recovery\PcAssit.exe
        "C:\recovery\PcAssit.exe"
        3⤵
        • Executes dropped EXE
        • Enumerates connected drives
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:4652

Network

        MITRE ATT&CK Enterprise v6

        Downloads

        • C:\Recovery\ClientDaemon.exe

          Filesize

          200KB

          MD5

          9ea5c430bba7600bdad6d0ffb6d01a4d

          SHA1

          97698db2d796f49ec45a611470e70a1e115f25a8

          SHA256

          3d0b5ef8d36d3794311129c70888867ca7ce7b846e52e6e6d7bf0b8fd3738516

          SHA512

          fb00d9eab5b82787796f5ebf237a8e121d3bf02e5ba0f5440ceecc86193b80412d360fc398c5a4de36085af8c58eec9afa3c196e0208ce44c27bb776fd04e40d

        • C:\Recovery\PcAssit.exe

          Filesize

          2.4MB

          MD5

          29868c51a96ef259922959c0c7a0ad6a

          SHA1

          a51fc2db13b3a816e73c1d4115d334949eaeb934

          SHA256

          815013387e33d9ef5d17b619b455b0065fd75812356315a6ef72fcb80182323d

          SHA512

          d6462e157f0e681831a9864574654a9e983902566a8a2c6919cb40754883577c96ceca06139bb69a9467ef73790f82a3772bc8f0d088d263316bfff60303b9d8

        • C:\Recovery\cd.txt

          Filesize

          254KB

          MD5

          181f671ded2ba6a537884e8cbeb73680

          SHA1

          b75f9357f0af51e5f788fd98c3a36d55960d2550

          SHA256

          33ac308b2bbcf21bd6f810a8e941cbcafc0bc9ba0eadfbd68b84f6b7f0b1a3da

          SHA512

          6ec0187537731cfa9b4ec6dc5bf69b3fed9669a9b03c6a1c0ed1712296e59420ec775ad77add7b9324bba097df7aeb7f5fb052a96642b255bc0e69599cd135e4

        • memory/4652-143-0x0000000000660000-0x00000000006A8000-memory.dmp (Filesize 288KB)
        • memory/4652-144-0x0000000000660000-0x00000000006A8000-memory.dmp (Filesize 288KB)
        • memory/4652-146-0x0000000000660000-0x00000000006A8000-memory.dmp (Filesize 288KB)
        • memory/4652-147-0x0000000000660000-0x00000000006A8000-memory.dmp (Filesize 288KB)
        • memory/4652-148-0x0000000000660000-0x00000000006A8000-memory.dmp (Filesize 288KB)