f71dc98d24e0e3b7ef9971f2efccf109955f1aa25e17db58498c12156af71394

Analysis

max time kernel
129s
max time network
30s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
14-06-2023 15:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TeamViewer_sibdownload.com.exe
Size

8.5MB
MD5

8410ea296decf0278be5845ad92a20a7
SHA1

7de04b3218cc95dd054e474a57aa928074c294ff
SHA256

f71dc98d24e0e3b7ef9971f2efccf109955f1aa25e17db58498c12156af71394
SHA512

937bace2d7d8df58eb11d5ae0580ba51d81d0d35042647da74b006bfbee872666eed26d33debc9743353edf37bc5432b3759fb4757723b2a88f77cbe3b1fc6f2
SSDEEP

196608:AqIShF+3D4sIpm2V4sMDqRGqVulkldpsBH20bqgc:AqBWTOV4sMDqEqVuAdpsBHvGgc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
932	TeamViewer_.exe

Loads dropped DLL 13 IoCs

pid	Process
2012	TeamViewer_sibdownload.com.exe
2012	TeamViewer_sibdownload.com.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe
932	TeamViewer_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
932	TeamViewer_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27
PID 2012 wrote to memory of 932	2012	TeamViewer_sibdownload.com.exe	27

C:\Users\Admin\AppData\Local\Temp\TeamViewer_sibdownload.com.exe
"C:\Users\Admin\AppData\Local\Temp\TeamViewer_sibdownload.com.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2012
- C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe
  "C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:932

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
8.4MB

MD5
39b84bf3eeef00f20dcb69754e120876

SHA1
de3268a3f67c9c78799a802a2ee4420b9e88e77c

SHA256
1d3f41e3b7d9d07f742464a71446225d25cdd855903e3a9978a6b87a1e425421

SHA512
9aa1975c4d1b87091cc5c9b8ab83edc505b63a3cb95a9fbc999afef4907793281af143f8e8efa4ec79d7ff10b46fe41adf45ebca18b64f4d1b72bff146804522

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
8.4MB

MD5
39b84bf3eeef00f20dcb69754e120876

SHA1
de3268a3f67c9c78799a802a2ee4420b9e88e77c

SHA256
1d3f41e3b7d9d07f742464a71446225d25cdd855903e3a9978a6b87a1e425421

SHA512
9aa1975c4d1b87091cc5c9b8ab83edc505b63a3cb95a9fbc999afef4907793281af143f8e8efa4ec79d7ff10b46fe41adf45ebca18b64f4d1b72bff146804522

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeamViewer\tvinfo.ini

Filesize
56B

MD5
3cad4184f03ebc397ee933485bfd8bec

SHA1
1eae45980f7079cae7b979a4fae9ef556bb8b87a

SHA256
07d78e97b1a4f6c11b95cba7db81dfefd79d45841839d08e1b8271eeaee5b885

SHA512
451bfeeb7aa401af59a0d9404dd337129263db3a272f0035a0d8c5858fcb388c6bc31fb2651be4068abeee7a08d8c2a72ba9c2529244418622683a818013dd0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsj6338.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\start_unicode.ini

Filesize
2KB

MD5
2a8a139cdab38b5f4264ae82850cbd22

SHA1
816e8acb2adc36c7f138f963a9802622dfc9536a

SHA256
94bde605292510f8ae6df19083130770ae8c754906007ea93150cab63962190b

SHA512
d6f99e88e72cfb28afc4af0780d2ac380f00f9fe9265cbbb4b8e6390e9b6ee5870a723e1971288783fd919158659ff214bab383242fa22470d9f6f1a170e2cf1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\start_unicode.ini

Filesize
2KB

MD5
3ba14db449353fcedeb7f12a1db83ac3

SHA1
16ba9fdbcdd74f30a1f9f93f1a0d88acc3168eca

SHA256
1cc9553d3c113b58b3eea1895065caa28f457a258e5508bba1914f60ceb16e53

SHA512
18be6946d3f7e53318b1e572ac4cc1642473954af42444b14434e43e46d1c40cb38741f5db2be880ebcb0459797249fcd092afb9e5db535a6d4894b3b987d63b

Download Submit
\Users\Admin\AppData\Local\Temp\TeamViewer\TeamViewer_.exe

Filesize
8.4MB

MD5
39b84bf3eeef00f20dcb69754e120876

SHA1
de3268a3f67c9c78799a802a2ee4420b9e88e77c

SHA256
1d3f41e3b7d9d07f742464a71446225d25cdd855903e3a9978a6b87a1e425421

SHA512
9aa1975c4d1b87091cc5c9b8ab83edc505b63a3cb95a9fbc999afef4907793281af143f8e8efa4ec79d7ff10b46fe41adf45ebca18b64f4d1b72bff146804522

Download Submit
\Users\Admin\AppData\Local\Temp\nsj6338.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\InstallOptions.dll

Filesize
15KB

MD5
89351a0a6a89519c86c5531e20dab9ea

SHA1
9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

SHA256
f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

SHA512
13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\System.dll

Filesize
11KB

MD5
bf712f32249029466fa86756f5546950

SHA1
75ac4dc4808ac148ddd78f6b89a51afbd4091c2e

SHA256
7851cb12fa4131f1fee5de390d650ef65cac561279f1cfe70ad16cc9780210af

SHA512
13f69959b28416e0b8811c962a49309dca3f048a165457051a28a3eb51377dcaf99a15e86d7eee8f867a9e25ecf8c44da370ac8f530eeae7b5252eaba64b96f4

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\TvGetVersion.dll

Filesize
152KB

MD5
63a1e68cac00ced9a223a63dfef18fb2

SHA1
ed06a5a6feec468ad1860f3b43fbfbbe90ec9eea

SHA256
aad1cf72dca9ba974257991d9299be7bbf3e02c26b23fc72a9710cde34e441c2

SHA512
48bfabe6c54e7a5590814bfa8db48c519b85d5565c4d5b344aa5357e14dc2a69e23d158b76e6eb2c9f44c4c811590c118d092864dc18b02f592d76c73601e67b

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\UserInfo.dll

Filesize
4KB

MD5
c7ce0e47c83525983fd2c4c9566b4aad

SHA1
38b7ad7bb32ffae35540fce373b8a671878dc54e

SHA256
6293408a5fa6d0f55f0a4d01528eb5b807ee9447a75a28b5986267475ebcd3ae

SHA512
ee9f23ea5210f418d4c559628bbfb3a0f892440bcd5dc4c1901cb8e510078e4481ea8353b262795076a19055e70b88e08fee5fb7e8f35a6f49022096408df20e

Download Submit
\Users\Admin\AppData\Local\Temp\nso6A0C.tmp\linker.dll

Filesize
45KB

MD5
4ac3f0ab2e423515ed9c575333342054

SHA1
a3e4f2b2135157f964d471564044b023a64f2532

SHA256
f223d6c72f86544b358a6301daf60ccdd86198f32e3447a1860acf3f59f2dae9

SHA512
8fbd5b4989be51c27fa15af155d2921bea9aa5d0557a22d4224256e678dfe7dcaa5f80917a748c31dc9c9a91573e4618e2497ccfd47eefd7a0fa08c12366a1e5

Download Submit