Overview

overview

10

Static

static

3

06583e57b0...87.exe

windows7-x64

7

06583e57b0...87.exe

windows10-2004-x64

10

2e4156dba6...a6.exe

windows7-x64

7

2e4156dba6...a6.exe

windows10-2004-x64

7

8525c99383...cf.exe

windows7-x64

7

8525c99383...cf.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    299s
  • max time network
    274s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    30-06-2023 00:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.exe

  • Size

    38.6MB

  • MD5

    b0cce809fe88b73d7532373911c23bd0

  • SHA1

    c50f7fd9bb65dcd350909e367865ebe9bff894ff

  • SHA256

    8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf

  • SHA512

    3ab841cdce17bc666e246fa61065eeda5f8c8d95d93045dac2036e566b8d708dd5119f16640a8dfc2f63d386d7d09ea0bd6b697642f67de5aae47a849daea33f

  • SSDEEP

    786432:yC4PWjsUxcIIKD+0XXeWkePNwmALcekMhu9D+0h7lvWZ3gqL/xR5lQzzLE:yCcUOIIKD+YOWRPNwNTd6+wlvKVL/das

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 10 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 6 IoCs
  • Modifies registry class 16 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 6 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.exe
    "C:\Users\Admin\AppData\Local\Temp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1348
    • C:\Users\Admin\AppData\Local\Temp\is-AJL66.tmp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-AJL66.tmp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.tmp" /SL5="$70126,39573139,814592,C:\Users\Admin\AppData\Local\Temp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:1064
      • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
        "C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops desktop.ini file(s)
        • Enumerates system info in registry
        • Modifies registry class
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:324

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-AJL66.tmp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.tmp
    Filesize

    3.0MB

    MD5

    ce3b2ef0b07d1770ddd8fa09a34138de

    SHA1

    d07d12411d4a95cd26701fe83eb6d90d81103eee

    SHA256

    22e0e4420698350d18a6c02244c5fa1ff2c772eacb9e7019a8f212b479934386

    SHA512

    02edc78f9b7c8ad01a79243bbc7b51d2b86fb650535d134cc06360519b49ed30241de5cb916ab0624098e2b2b4c94b246e0fcf19e513b4e526100d46db652442

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-AJL66.tmp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.tmp
    Filesize

    3.0MB

    MD5

    ce3b2ef0b07d1770ddd8fa09a34138de

    SHA1

    d07d12411d4a95cd26701fe83eb6d90d81103eee

    SHA256

    22e0e4420698350d18a6c02244c5fa1ff2c772eacb9e7019a8f212b479934386

    SHA512

    02edc78f9b7c8ad01a79243bbc7b51d2b86fb650535d134cc06360519b49ed30241de5cb916ab0624098e2b2b4c94b246e0fcf19e513b4e526100d46db652442

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Telegram Desktop\modules\x64\d3d\d3dcompiler_47.dll
    Filesize

    4.7MB

    MD5

    62a89e7867d853fee9ad07b7c9d64379

    SHA1

    944a53602492187308352103d80ff27af1093abf

    SHA256

    d412909f1b597045b856caecedfc677eb4708af00e5b70788a01fa6af49c09d9

    SHA512

    7f66bf278222bf1079a3695ad55086ccc7d8b05d7db4f9a5bcbfe4ac8d82bc1a618b1c6dc675da61d47f48fce2b0670ce6f66db63e79e232604304cfc629d6d0

    Download Submit

  • \Users\Admin\AppData\Local\Temp\is-AJL66.tmp\8525c99383b0acaeed302488b50a36439b71083e851bb28b65a893bf8ed944cf.tmp
    Filesize

    3.0MB

    MD5

    ce3b2ef0b07d1770ddd8fa09a34138de

    SHA1

    d07d12411d4a95cd26701fe83eb6d90d81103eee

    SHA256

    22e0e4420698350d18a6c02244c5fa1ff2c772eacb9e7019a8f212b479934386

    SHA512

    02edc78f9b7c8ad01a79243bbc7b51d2b86fb650535d134cc06360519b49ed30241de5cb916ab0624098e2b2b4c94b246e0fcf19e513b4e526100d46db652442

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\Telegram.exe
    Filesize

    127.6MB

    MD5

    fd8304d231ca5513640145cabf30a301

    SHA1

    67ad3eaca6099311f4ca0f7d0faee89a94916107

    SHA256

    4e061db8b40002e1e6c4c1fe513b1da50c63f639f407e17fc4e8cf4a9ec34e7e

    SHA512

    7072499b21333880acf41abc1e8eec144ae6957d383dc6921eb97a3e61e8c97faa9037213d2d7fcfc5f3161dd8a33d2cfda81052446ea58b574d001ef497c253

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\modules\x64\d3d\d3dcompiler_47.dll
    Filesize

    4.7MB

    MD5

    62a89e7867d853fee9ad07b7c9d64379

    SHA1

    944a53602492187308352103d80ff27af1093abf

    SHA256

    d412909f1b597045b856caecedfc677eb4708af00e5b70788a01fa6af49c09d9

    SHA512

    7f66bf278222bf1079a3695ad55086ccc7d8b05d7db4f9a5bcbfe4ac8d82bc1a618b1c6dc675da61d47f48fce2b0670ce6f66db63e79e232604304cfc629d6d0

    Download Submit

  • \Users\Admin\AppData\Roaming\Telegram Desktop\unins000.exe
    Filesize

    3.0MB

    MD5

    3d03b7877523f08e2d5ce6f9ddbe92ff

    SHA1

    54fc61352598442e867a31c9654949a9248d5ac7

    SHA256

    b9400b7cc340fa6494d00d8947b2b185b6c168e485dd584ab82d55edf484e932

    SHA512

    8ee5a37a06e95ea5a5f3fe7c8d0cffbb4835286b689f4e10c942c4581a7ae5922284a4519424b93dc69830ae5bd7ebf7ae023d3ee3a4b2182c592817144077b8

    Download Submit

  • memory/324-126-0x0000000000730000-0x000000000073A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-125-0x0000000000730000-0x000000000073A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-177-0x0000000002130000-0x000000000213A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-141-0x0000000002130000-0x000000000213A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-140-0x0000000002130000-0x000000000213A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-124-0x0000000000730000-0x000000000073A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-123-0x0000000000730000-0x000000000073A000-memory.dmp

    Filesize

    40KB

    Download

  • memory/324-122-0x00000000003B0000-0x00000000003C0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1064-64-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1064-86-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1064-97-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1064-112-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1064-105-0x0000000000400000-0x000000000070F000-memory.dmp

    Filesize

    3.1MB

    Download

  • memory/1064-61-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1064-65-0x0000000000240000-0x0000000000241000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1348-117-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1348-54-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download

  • memory/1348-63-0x0000000000400000-0x00000000004D4000-memory.dmp

    Filesize

    848KB

    Download