eefe1cc1b637e823908ad21afc46a2ca593d506eb0f136503884cf373b88c7f5

Analysis

max time kernel
127s
max time network
33s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ee9657b36541a633ad8a1018bcd71013.exe
Size

5.6MB
MD5

ee9657b36541a633ad8a1018bcd71013
SHA1

41347d07644f7af6f88203a31f415ce6606d9503
SHA256

eefe1cc1b637e823908ad21afc46a2ca593d506eb0f136503884cf373b88c7f5
SHA512

457ed06148641408a67f10c92d8b0e3ffa4613eacaded70ee7b6b832a97bc736bf255eeef004670f1b7ea2035b0e107d01b890f36e7eb1128a61514081464011
SSDEEP

98304:IFpxx/qkSQhrS8W2siTwbv8F7nDaCFuw2vawTMzM:I7tsCmv8F52v5AzM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1976	TeamViewer_.exe

Loads dropped DLL 9 IoCs

pid	Process
2008	ee9657b36541a633ad8a1018bcd71013.exe
2008	ee9657b36541a633ad8a1018bcd71013.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe
1976	TeamViewer_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1976	TeamViewer_.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1976	2008	ee9657b36541a633ad8a1018bcd71013.exe	27
PID 2008 wrote to memory of 1976	2008	ee9657b36541a633ad8a1018bcd71013.exe	27
PID 2008 wrote to memory of 1976	2008	ee9657b36541a633ad8a1018bcd71013.exe	27
PID 2008 wrote to memory of 1976	2008	ee9657b36541a633ad8a1018bcd71013.exe	27

C:\Users\Admin\AppData\Local\Temp\ee9657b36541a633ad8a1018bcd71013.exe
"C:\Users\Admin\AppData\Local\Temp\ee9657b36541a633ad8a1018bcd71013.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe
  "C:\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1976

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe

Filesize
5.4MB

MD5
751dfbc3b17e13a94c5d715c648a15a8

SHA1
8dc2369cbcd0b52f27ebca8781193e0eb94929b6

SHA256
3a1548b20ddf473cdecf17b810441799a15ed9ead2388d2a574ef5392d2db7bb

SHA512
72e624df66a7615998089d178117a1e8b7055372b8c2631cf12402a9ee96a1b99f6ffd615545d535864e472c09dfb72a7fc7b9136b9a19b5a98d2a200c73f78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe

Filesize
5.4MB

MD5
751dfbc3b17e13a94c5d715c648a15a8

SHA1
8dc2369cbcd0b52f27ebca8781193e0eb94929b6

SHA256
3a1548b20ddf473cdecf17b810441799a15ed9ead2388d2a574ef5392d2db7bb

SHA512
72e624df66a7615998089d178117a1e8b7055372b8c2631cf12402a9ee96a1b99f6ffd615545d535864e472c09dfb72a7fc7b9136b9a19b5a98d2a200c73f78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe

Filesize
5.4MB

MD5
751dfbc3b17e13a94c5d715c648a15a8

SHA1
8dc2369cbcd0b52f27ebca8781193e0eb94929b6

SHA256
3a1548b20ddf473cdecf17b810441799a15ed9ead2388d2a574ef5392d2db7bb

SHA512
72e624df66a7615998089d178117a1e8b7055372b8c2631cf12402a9ee96a1b99f6ffd615545d535864e472c09dfb72a7fc7b9136b9a19b5a98d2a200c73f78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd28E6.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\start_unicode.ini

Filesize
2KB

MD5
6ef26b17728dd1d92e71eb71bfda85ee

SHA1
fb619358be625e0cb61060e477dc2ae405b5586a

SHA256
78d582f290d461043fecf5f57289835843e7c9a11d9c15006d51332126dbf213

SHA512
efff42fb8afd1fc5dfa402aa5832ff06482f3007a3f256f4de7fc081eebd5a092a20c0aaa01cf2326ead7e0f8e0c8b3c831f914820978c40c2220255c6b2bdd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\start_unicode.ini

Filesize
2KB

MD5
8cc44acd93aee61ce5936dc04daadb9d

SHA1
97d31b16c002b9b22d95ced34831b454c442479e

SHA256
90fc5a507b9395f5ef7a2600d00b3c51a635fd24612e9af4f2ae175e1d840841

SHA512
81849945172c902cfbf857568bb6a21fb6e0abe10babe61a7ed9b28ee514311dabac8b9cd1629e1e5c2ecb1431abca179b81ea8da014fc6aa0f7430069f70331

Download Submit
\Users\Admin\AppData\Local\Temp\TeamViewer\Version8\TeamViewer_.exe

Filesize
5.4MB

MD5
751dfbc3b17e13a94c5d715c648a15a8

SHA1
8dc2369cbcd0b52f27ebca8781193e0eb94929b6

SHA256
3a1548b20ddf473cdecf17b810441799a15ed9ead2388d2a574ef5392d2db7bb

SHA512
72e624df66a7615998089d178117a1e8b7055372b8c2631cf12402a9ee96a1b99f6ffd615545d535864e472c09dfb72a7fc7b9136b9a19b5a98d2a200c73f78a

Download Submit
\Users\Admin\AppData\Local\Temp\nsd28E6.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\InstallOptions.dll

Filesize
15KB

MD5
89351a0a6a89519c86c5531e20dab9ea

SHA1
9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

SHA256
f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

SHA512
13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\TvGetVersion.dll

Filesize
143KB

MD5
5c8d6dd6c3e9ea71c6147d271e9ae71b

SHA1
34e835fbb7764fc8d227ddb8895f31c7fdc33981

SHA256
8aff7b00a163885a8b0b92ca4c01ee442f5c14fbdb2f0d65787622301a913031

SHA512
16e4868a4ef2f08c3368e8f2ca2996fccabcd1150b9f2800fc1393ba9da5c7d046db63560367911c808d433c6e408fc2aab7c1e81f3cda89e75a8017970d03fb

Download Submit
\Users\Admin\AppData\Local\Temp\nsy31EC.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit