Analysis
Max time kernel: 29s
Max time network: 34s
Platform: windows7_x64
Resource: win7-20230220-en
Resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
Submitted: 14-06-2023 09:30
Static task: static1
Behavioral task: behavioral1
  Sample: TELDAT_EntryCl_Win_230_146.exe
  Resource: win7-20230220-en
Behavioral task: behavioral2
  Sample: TELDAT_EntryCl_Win_230_146.exe
  Resource: win10v2004-20230220-en
General
Target: TELDAT_EntryCl_Win_230_146.exe
Size: 28.4MB
MD5: 3e19807e762d51398a30b73fcc301e1d
SHA1: ed05dff46d0b6b87152abf0f906d1bdd08bb6ffd
SHA256: f3179c84d96bacec06f48367a24f3d3acdba463c93bd1103832403b39f4bcf99
SHA512: d0a18db1a113160aa72bb04210ae16d5533873317d29cf8d18b69b907c81a98b175042800b5b73f44d7dd78e5bdfb9457b566c71c26725ca013d4a2cac58d754
SSDEEP: 786432:fuSDoRf9mHLCWWgdWThWl61DA6bNAtj/OOz:f7sB9ILx7dYhu6dA6bu5/OOz
Malware Config
Signatures
Loads dropped DLL (9 IoCs)
  pid   Process
  1160  TELDAT_EntryCl_Win_230_146.exe   (9 identical entries)

Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.

Drops file in Program Files directory (4 IoCs)
  description                  | ioc                                                                                                        | Process
  File created                 | C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp4004.tmp\temp.000 | TELDAT_EntryCl_Win_230_146.exe
  File created                 | C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKe4DCC.tmp          | TELDAT_EntryCl_Win_230_146.exe
  File opened for modification | C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKe4DCC.tmp          | TELDAT_EntryCl_Win_230_146.exe
  File created                 | C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp3F65.tmp\temp.000 | TELDAT_EntryCl_Win_230_146.exe

Enumerates physical storage devices (1 TTP)
  Attempts to interact with connected storage/optical drive(s).

Suspicious use of WriteProcessMemory (7 IoCs)
  description                      | pid  | Process                        | procid_target
  PID 1108 wrote to memory of 1160 | 1108 | TELDAT_EntryCl_Win_230_146.exe | 27   (7 identical entries)
Processes
1. C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
   "C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe"
   PID: 1108
   - Suspicious use of WriteProcessMemory

   2. C:\Users\Admin\AppData\Local\Temp\TELDAT_EntryCl_Win_230_146.exe
      -deleter
      PID: 1160
      - Loads dropped DLL
      - Drops file in Program Files directory
Network
MITRE ATT&CK Enterprise v6
Downloads
C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp4004.tmp\IGdi.dll
  Filesize: 180KB
  MD5: 8ad3694ed719c2a58c0c4e865d244ac2
  SHA1: dea792ffb0caca892c7cb415ce2b1f235a7e36e0
  SHA256: 931d1dbd0e07e457cc733a464c27259fd9d925ee93695ccd6a6c99efe3a92a7e
  SHA512: f23b60bcd945f69513e82f41241b631b017803ce60595489327cc2503049cb68c0e09a30a2e41d50c4bec6cff87acb608debde30463a303a3898a0f9dc68bd5e

  Filesize: 816B
  MD5: 7bcb4090059c50a803c2e09b89ce5a90
  SHA1: 81e920006db70d18ee04b889c57bdf963c6f39d1
  SHA256: 6767bfcb8ac28d2fd2914002b4508db93c5626c378fe62f8ee4a14e883b5ce0c
  SHA512: 719bc616f574e91d312b8e41b52e5d01ead72a48f763a53dea2746ae014c4529b5c95477afad25ea15a3cfb76e44cfcb87829b59c952b907c55eb8a0dd95d57f

  Filesize: 155B
  MD5: 25c2181da7f5f0a195ed6112b4fff408
  SHA1: da52476fb21cd60ebb3df498129a77f716877ff9
  SHA256: 387327db89f87cd18d2ec5a1888f33ec4ac51fb2935ec8459f910e1a0c7dbbc7
  SHA512: dfbc04daeefebbd134a7a20f212ed27bbcce19f534a02262b6f5dfe77691979285e41262c2be3048900b4e4fd7323231236994fccaa1225feca90dccf221790b

  Filesize: 436KB
  MD5: ab8c05ee07c56952431963731eb82bb3
  SHA1: c32334eaf5a3db1f7f65baf0e9ce12fa0f44e10a
  SHA256: 4b54bc15bec97d1c99071f5dd0c15b69ded8cbd100e83e06eae26951df1e11a7
  SHA512: 6a48bcfc22fdaeb1547778941d728c40f49ec5eec95476ea36778b0bf5a6739939816e06b3d25592404acdbda662d24bdbfab5f1d8f8454654444754d5b7b8b4

  Filesize: 495B
  MD5: 2a2fbcf413ab25c85cb272c11af2c45a
  SHA1: fd0e33defa52a03381fa660d6272b79e2cf85b00
  SHA256: ef8a52e74c3dc51c912c51694e3a955b1dea0687e29d2619720049389c86f3a9
  SHA512: 0730c95a135ce860170d0a87b7d1998df4ca887146a521039d6470abf03b703d8ce5fa60db3258c87593cc2fce807816367ec3e21a10efade1539b8687c9944b

  Filesize: 304KB
  MD5: b438fa73acd654fea5cef199c848d2da
  SHA1: f15dbcc9057c796aa39d1bcd76979272c3d34e36
  SHA256: ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae
  SHA512: c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c

  Filesize: 372KB
  MD5: 23e8aa7789a60eb6851c30c6fedbf806
  SHA1: 7bf3d293b68d3dfa724cbfe5fce05c6a29276536
  SHA256: d6b8fb12970878768f50b48e4cee016adf88f47000f4575f87b08c17d92c0c6d
  SHA512: f3b35a3dcf61943d4a6efff916a84547091ef0076657dbdad55c9ffc1be9cfbab4ffa820a83b98e8fcc2847bab832c53e1e77a36ea1e2bb8360dd22235ec2f62

  Filesize: 164KB
  MD5: 97344738221d2ae326d675c9ae92c9ab
  SHA1: 69fcb42f7de431a4dd0447f37f8609824370ef44
  SHA256: a34471a64ef01e349ad64c7643b1a09ee8063144d259330f98e2a69a5303398e
  SHA512: 0cce6da545c4456637605c645b6d8614fc9185b171afb82935c657c1ae113cec458f69d9a8db429a9b9395c5ba9b8de535774a6a9a367d4d87d4d1544d82dbf6

  Filesize: 708KB
  MD5: 6c5249a68c2b40f971e152ced8ac5de9
  SHA1: 64d7a6397b1b31e731cecfd32dc0b1ee31bd9c93
  SHA256: 1b18eea064a285fcd3431c328e54e59608f2690a82cb29535365d6232efd4f91
  SHA512: c59daef7e6e0d3687ea4085bc31c8ff8c6d26f289a6a8730f0363e93e2e0a6ca339093fab734ca5d57f4f43a179a0b6d4e7b5b0580399f9b7f6caa4268316446

\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\isp3F65.tmp\setup.dll
  Filesize: 304KB
  MD5: b438fa73acd654fea5cef199c848d2da
  SHA1: f15dbcc9057c796aa39d1bcd76979272c3d34e36
  SHA256: ac836cbf1f19d9e7337fff04fe7f1f9fa81cf9146377eda1484c2c04b96e62ae
  SHA512: c28b002221da75cd5c66db8dac33ecea63dd0138506e860eb54848cea8a156df2f3f05b32afd5228b10c931d1cc295a14dcbf346796fe29bec2a96c19880703c