7d2f140da848ceda847b8f26f562fad473a30d6d86370783c7331ed223c6648f

Analysis

max time kernel
128s
max time network
34s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
13-06-2023 19:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

340(7)(7).exe
Size

219KB
MD5

bd633bca9d62ab2aa81e1651f1a13a64
SHA1

712846fedabb6158c290c72ee6ee23ce1dbc3ba6
SHA256

7d2f140da848ceda847b8f26f562fad473a30d6d86370783c7331ed223c6648f
SHA512

a81cf2fea7f0c4f767e34643d1584a6de0658935a0eca3cc4528073fb1f4ce3dba62be7a91745990ea07741154080850de4d9333abb009cefb70da4ee3e2469a
SSDEEP

6144:Z8U2qy6rRZb7jxGY4VJX3jjDkWl2VprgRvB9gt9UW+:hzy6rRxElfkJQtQ9U5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1488	SETUP.EXE
584	DRVSETUP64.EXE
1216	Process not Found

Loads dropped DLL 3 IoCs

pid	Process
1208	340(7)(7).exe
1488	SETUP.EXE
1216	Process not Found

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
584	DRVSETUP64.EXE

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1208 wrote to memory of 1488	1208	340(7)(7).exe	28
PID 1488 wrote to memory of 584	1488	SETUP.EXE	29
PID 1488 wrote to memory of 584	1488	SETUP.EXE	29
PID 1488 wrote to memory of 584	1488	SETUP.EXE	29
PID 1488 wrote to memory of 584	1488	SETUP.EXE	29

C:\Users\Admin\AppData\Local\Temp\340(7)(7).exe
"C:\Users\Admin\AppData\Local\Temp\340(7)(7).exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1208
- C:\WCH.CN\CH341SER\SETUP.EXE
  "C:\WCH.CN\CH341SER\SETUP.EXE"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1488
- - C:\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.EXE
    C:\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.EXE
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: GetForegroundWindowSpam
    PID:584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\WCH.CN\CH341SER\CH341SER.INF

Filesize
5KB

MD5
8ba9405c3f106e2f8aaa0cfc54413dee

SHA1
5a1b31d7ec8074ee37ccfa6662997ce3ec0ab39c

SHA256
6cf80f89f89e91707c46d35d1685e10d2bf40156e794edf88c3716b724084351

SHA512
2edca5fed127b58ea541bc957e09edfe860e1e50055fe930e65410e13a5ae0c6adba72de4fa2cb8da34db50cf36b59cc61e6621d96c3a3e22ec28572dc5be3c5

Download Submit
C:\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.exe

Filesize
35KB

MD5
3f4c803be5c61fe7c766859dace99059

SHA1
76a3c55ab05d28ccfb65ffcd7784fcd0cb8dea24

SHA256
b023255590954f1a1255125d6d711f44c0f3668626c24047b2baddfdf9e725d6

SHA512
7cd7155933203e42872d3e70e6627fda2009f2eddd2bce311b2df872a9da3a334faf0f72637ca9705be90063d2678c873b4edc388d61b247f19d2622fc7a84b6

Download Submit
C:\WCH.CN\CH341SER\SETUP.EXE

Filesize
76KB

MD5
fb00f008ad4df8f76309bf1a39cb0eba

SHA1
16e58a11ad6087cbebd32f58f75dea8294eac945

SHA256
0f9174ab31f75188e96f30ca1cdaf897623fb30efa5d09b7cef50625595d21a2

SHA512
681a6c3aec9a246b217fcb254741069b72657922932ff5d9e60c379c36e4c767b95c0bbbf284cb2145aeff09f7c4d7045d9ddb73708dbc455ff4f6e569a3655e

Download Submit
C:\WCH.CN\CH341SER\SETUP.EXE

Filesize
76KB

MD5
fb00f008ad4df8f76309bf1a39cb0eba

SHA1
16e58a11ad6087cbebd32f58f75dea8294eac945

SHA256
0f9174ab31f75188e96f30ca1cdaf897623fb30efa5d09b7cef50625595d21a2

SHA512
681a6c3aec9a246b217fcb254741069b72657922932ff5d9e60c379c36e4c767b95c0bbbf284cb2145aeff09f7c4d7045d9ddb73708dbc455ff4f6e569a3655e

Download Submit
C:\WCH.CN\CH341SER\SETUP.EXE

Filesize
76KB

MD5
fb00f008ad4df8f76309bf1a39cb0eba

SHA1
16e58a11ad6087cbebd32f58f75dea8294eac945

SHA256
0f9174ab31f75188e96f30ca1cdaf897623fb30efa5d09b7cef50625595d21a2

SHA512
681a6c3aec9a246b217fcb254741069b72657922932ff5d9e60c379c36e4c767b95c0bbbf284cb2145aeff09f7c4d7045d9ddb73708dbc455ff4f6e569a3655e

Download Submit
\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.exe

Filesize
35KB

MD5
3f4c803be5c61fe7c766859dace99059

SHA1
76a3c55ab05d28ccfb65ffcd7784fcd0cb8dea24

SHA256
b023255590954f1a1255125d6d711f44c0f3668626c24047b2baddfdf9e725d6

SHA512
7cd7155933203e42872d3e70e6627fda2009f2eddd2bce311b2df872a9da3a334faf0f72637ca9705be90063d2678c873b4edc388d61b247f19d2622fc7a84b6

Download Submit
\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.exe

Filesize
35KB

MD5
3f4c803be5c61fe7c766859dace99059

SHA1
76a3c55ab05d28ccfb65ffcd7784fcd0cb8dea24

SHA256
b023255590954f1a1255125d6d711f44c0f3668626c24047b2baddfdf9e725d6

SHA512
7cd7155933203e42872d3e70e6627fda2009f2eddd2bce311b2df872a9da3a334faf0f72637ca9705be90063d2678c873b4edc388d61b247f19d2622fc7a84b6

Download Submit
\WCH.CN\CH341SER\DRVSETUP64\DRVSETUP64.exe

Filesize
35KB

MD5
3f4c803be5c61fe7c766859dace99059

SHA1
76a3c55ab05d28ccfb65ffcd7784fcd0cb8dea24

SHA256
b023255590954f1a1255125d6d711f44c0f3668626c24047b2baddfdf9e725d6

SHA512
7cd7155933203e42872d3e70e6627fda2009f2eddd2bce311b2df872a9da3a334faf0f72637ca9705be90063d2678c873b4edc388d61b247f19d2622fc7a84b6

Download Submit
\WCH.CN\CH341SER\SETUP.EXE

Filesize
76KB

MD5
fb00f008ad4df8f76309bf1a39cb0eba

SHA1
16e58a11ad6087cbebd32f58f75dea8294eac945

SHA256
0f9174ab31f75188e96f30ca1cdaf897623fb30efa5d09b7cef50625595d21a2

SHA512
681a6c3aec9a246b217fcb254741069b72657922932ff5d9e60c379c36e4c767b95c0bbbf284cb2145aeff09f7c4d7045d9ddb73708dbc455ff4f6e569a3655e

Download Submit
memory/1208-78-0x0000000000400000-0x0000000000421000-memory.dmp

Filesize
132KB

Download