Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags
    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    14-06-2023 09:30

General

  • Target

    TELDAT_EntryCl_Win_230_146.exe

  • Size

    28.4MB

  • MD5

    3e19807e762d51398a30b73fcc301e1d

  • SHA1

    ed05dff46d0b6b87152abf0f906d1bdd08bb6ffd

  • SHA256

    f3179c84d96bacec06f48367a24f3d3acdba463c93bd1103832403b39f4bcf99

  • SHA512

    d0a18db1a113160aa72bb04210ae16d5533873317d29cf8d18b69b907c81a98b175042800b5b73f44d7dd78e5bdfb9457b566c71c26725ca013d4a2cac58d754

  • SSDEEP

    786432:fuSDoRf9mHLCWWgdWThWl61DA6bNAtj/OOz:f7sB9ILx7dYhu6dA6bu5/OOz

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (9 IoCs)
  • Checks installed software on the system (1 TTP)

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in Program Files directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (7 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
    "C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1108
    • C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
      -deleter
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      PID:1160

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp4004.tmp\IGdi.dll

    Filesize

    180KB

    MD5

    8ad3694ed719c2a58c0c4e865d244ac2

    SHA1

    dea792ffb0caca892c7cb415ce2b1f235a7e36e0

    SHA256

    931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e

    SHA512

    f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

  • C:\Users\Admin\AppData\Local\Temp\ISPackFiles.ini

    Filesize

    816B

    MD5

    7bcb4090059c50a803c2e09b89ce5a90

    SHA1

    81e920006db70d18ee04b889c57bdf963c6f39d1

    SHA256

    6767bfcb8ac28d2fd2914002b4508db93c5626c378fe62f8ee4a14e883b5ce0c

    SHA512

    719bc616f574e91d312b8e41b52e5d01ead72a48f763a53dea2746ae014c4529b5c95477afad25ea15a3cfb76e44cfcb87829b59c952b907c55eb8a0dd95d57f

  • C:\Users\Admin\AppData\Local\Temp\_isdelet.ini

    Filesize

    155B

    MD5

    25c2181da7f5f0a195ed6112b4fff408

    SHA1

    da52476fb21cd60ebb3df498129a77f716877ff9

    SHA256

    387327db89f87cd18d2ec5a1888f33ec4ac51fb2935ec8459f910e1a0c7dbbc7

    SHA512

    dfbc04daeefebbd134a7a20f212ed27bbcce19f534a02262b6f5dfe77691979285e41262c2be3048900b4e4fd7323231236994fccaa1225feca90dccf221790b

  • C:\Users\Admin\AppData\Local\Temp\bye2ECF.tmp\Disk1\setup.ibt

    Filesize

    436KB

    MD5

    ab8c05ee07c56952431963731eb82bb3

    SHA1

    c32334eaf5a3db1f7f65baf0e9ce12fa0f44e10a

    SHA256

    4b54bc15bec97d1c99071f5dd0c15b69ded8cbd100e83e06eae26951df1e11a7

    SHA512

    6a48bcfc22fdaeb1547778941d728c40f49ec5eec95476ea36778b0bf5a6739939816e06b3d25592404acdbda662d24bdbfab5f1d8f8454654444754d5b7b8b4

  • C:\Users\Admin\AppData\Local\Temp\bye2ECF.tmp\Disk1\setup.ini

    Filesize

    495B

    MD5

    2a2fbcf413ab25c85cb272c11af2c45a

    SHA1

    fd0e33defa52a03381fa660d6272b79e2cf85b00

    SHA256

    ef8a52e74c3dc51c912c51694e3a955b1dea0687e29d2619720049389c86f3a9

    SHA512

    0730c95a135ce860170d0a87b7d1998df4ca887146a521039d6470abf03b703d8ce5fa60db3258c87593cc2fce807816367ec3e21a10efade1539b8687c9944b

  • C:\Users\Admin\AppData\Local\Temp\isp3E2B.tmp\setup.dll

    Filesize

    304KB

    MD5

    b438fa73acd654fea5cef199c848d2da

    SHA1

    f15dbcc9057c796aa39d1bcd76979272c3d34e36

    SHA256

    ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

    SHA512

    c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

  • C:\Users\Admin\AppData\Local\Temp\isp4003.tmp\_Setup.dll

    Filesize

    372KB

    MD5

    23e8aa7789a60eb6851c30c6fedbf806

    SHA1

    7bf3d293b68d3dfa724cbfe5fce05c6a29276536

    SHA256

    d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d

    SHA512

    f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62

  • C:\Users\Admin\AppData\Local\Temp\set3F66.tmp

    Filesize

    164KB

    MD5

    97344738221d2ae326d675c9ae92c9ab

    SHA1

    69fcb42f7de431a4dd0447f37f8609824370ef44

    SHA256

    a34471a64ef01e349ad64c7643b1a09ee8063144d259330f98e2a69a5303398e

    SHA512

    0cce6da545c4456637605c645b6d8614fc9185b171afb82935c657c1ae113cec458f69d9a8db429a9b9395c5ba9b8de535774a6a9a367d4d87d4d1544d82dbf6

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKe4DCC.tmp

    Filesize

    708KB

    MD5

    6c5249a68c2b40f971e152ced8ac5de9

    SHA1

    64d7a6397b1b31e731cecfd32dc0b1ee31bd9c93

    SHA256

    1b18eea064a285fcd3431c328e54e59608f2690a82cb29535365d6232efd4f91

    SHA512

    c59daef7e6e0d3687ea4085bc31c8ff8c6d26f289a6a8730f0363e93e2e0a6ca339093fab734ca5d57f4f43a179a0b6d4e7b5b0580399f9b7f6caa4268316446

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp3F65.tmp\setup.dll

    Filesize

    304KB

    MD5

    b438fa73acd654fea5cef199c848d2da

    SHA1

    f15dbcc9057c796aa39d1bcd76979272c3d34e36

    SHA256

    ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

    SHA512

    c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp4004.tmp\IGdi.dll

    Filesize

    180KB

    MD5

    8ad3694ed719c2a58c0c4e865d244ac2

    SHA1

    dea792ffb0caca892c7cb415ce2b1f235a7e36e0

    SHA256

    931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e

    SHA512

    f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

  • \Users\Admin\AppData\Local\Temp\isp3E2B.tmp\setup.dll

    Filesize

    304KB

    MD5

    b438fa73acd654fea5cef199c848d2da

    SHA1

    f15dbcc9057c796aa39d1bcd76979272c3d34e36

    SHA256

    ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae

    SHA512

    c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

  • \Users\Admin\AppData\Local\Temp\isp4003.tmp\_Setup.dll

    Filesize

    372KB

    MD5

    23e8aa7789a60eb6851c30c6fedbf806

    SHA1

    7bf3d293b68d3dfa724cbfe5fce05c6a29276536

    SHA256

    d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d

    SHA512

    f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62