Overview

overview

7

Static

static

3

clp2.exe

windows7-x64

7

clp2.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    29s
  • max time network
    34s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    14/06/2023, 14:54

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    clp2.exe

  • Size

    7.1MB

  • MD5

    5e1dac9feac98acbe6fd54766f3d1d1e

  • SHA1

    cec1b04e2440a2f90e6d77ad77518dda1e7be404

  • SHA256

    1bceaf4f262ef3c132b824d2ac4727b33b113b974665015ccd265e347dba02e2

  • SHA512

    89b5e7c3604291807a5883cfe85027cef12f92ca429af5f648c0a564cbcfbe03123be6882ab6937d1386431e5ae25123b9866592bc2733654e4500f55796c3f2

  • SSDEEP

    98304:xIZc7bvM1hiOh6lj5PXm6hC59xph1avNQHbsNhILM5WdN3SzK9zu:xI6/Ohhh6lY6I5phIvNQCILM5WLC+9C

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\clp2.exe
    "C:\Users\Admin\AppData\Local\Temp\clp2.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\ProgramData\TemplatesMicrosoft-DPX47.2.1.4\TemplatesMicrosoft-DPX47.2.1.4.exe
      C:\ProgramData\TemplatesMicrosoft-DPX47.2.1.4\TemplatesMicrosoft-DPX47.2.1.4.exe
      2⤵
      • Executes dropped EXE
      PID:2040

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\TemplatesMicrosoft-DPX47.2.1.4\TemplatesMicrosoft-DPX47.2.1.4.exe
    Filesize

    111.2MB

    MD5

    51a773f0b7fff2f8ac8f42522723854d

    SHA1

    1c62228d9c9e01c738b3e6bc208dc28fd1279c95

    SHA256

    a8e44c379872fad16c12ce261614379c7d3cc9d22260bab7836ff29f0e2f47fd

    SHA512

    e6114bfce1cb27f679794097deb082c051bf2b9c7befdd919f1c9fcfffffcf3cc32ee11e46af704fcb0998530398aef58294bdb35ea2552e352704e7121375dd

    Download Submit

  • \ProgramData\TemplatesMicrosoft-DPX47.2.1.4\TemplatesMicrosoft-DPX47.2.1.4.exe
    Filesize

    114.0MB

    MD5

    a915912a5cba02979c7259101e4ae94b

    SHA1

    178997476729d36d3685ac94eaf800843cc38329

    SHA256

    4234dd5826156a717622af09dbc62d8b34c30197cdebe482b80a401073f37a5f

    SHA512

    f7b6e65b4c536e61d4d82c645d9046d9c9272b9e8fd1e158ae47347d36c0900f81edc011bbd15edf955d1a1c3a0bfe0e7f07a8dcb12904e83fa406e703ef4499

    Download Submit

  • memory/1488-54-0x000000013FAB0000-0x00000001401CE000-memory.dmp

    Filesize

    7.1MB

    Download

  • memory/2040-59-0x000000013F2A0000-0x000000013F9BE000-memory.dmp

    Filesize

    7.1MB

    Download