Analysis

  • max time kernel: 141s
  • max time network: 31s
  • platform: windows7_x64
  • resource: win7-20230621-en
  • resource tags: arch:x64, arch:x86, image:win7-20230621-en, locale:en-us, os:windows7-x64, system
  • submitted: 02/07/2023, 04:11

General

  • Target: file.exe
  • Size: 1.1MB
  • MD5: 9da769212c411ae4d04263c3eadc1593
  • SHA1: c437bb5ad3e6824cacab0d827b10af71c3bfc72d
  • SHA256: a43a7a8d46e524734b4fa9f36fd8b360e40cf314fc9c7775f4ffe651303f69c8
  • SHA512: e7b1b88ac2f5d5d0c016cc4360b8311180981b7c636c7d2ff1f20cbd5bf8cd894c0a44d2955177605c9f2086e084033a4faff4318fa0b50ceeed667b2dfebcd1
  • SSDEEP: 24576:JfOyJG4ATUQoxYM1zhks3L5S+fXvLvcbnnNUWCMW6:JGODgXoxd11kYLdfzvMnvT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1376
    • C:\Users\Admin\AppData\Local\Temp\is-HRH6C.tmp\is-PO6GJ.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-HRH6C.tmp\is-PO6GJ.tmp" /SL4 $70124 "C:\Users\Admin\AppData\Local\Temp\file.exe" 930166 73728
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: GetForegroundWindowSpam
      PID:940

Network

MITRE ATT&CK Enterprise v6

Downloads

  • C:\Program Files (x86)\RejSpacer72\readme.txt
    Filesize: 4KB
    MD5: ce494d2d223aed950fea67f657d3fa3e
    SHA1: 97a19c02487c41e3a079cd6764afffeb5e838b26
    SHA256: c8fa111c5b9537e3b6cab9ba763e164e27fa469f2232b82a54b206a7d892b9e9
    SHA512: 687bf3bd7de28dc45ea622672dc59d7e45d9ce83530a7db6462447ea247a9bde061738c454e09b48531aab9cce802c8491aa730e4da65e63daf31c65ffc39fe1

  • C:\Users\Admin\AppData\Local\Temp\is-HRH6C.tmp\is-PO6GJ.tmp
    Filesize: 664KB
    MD5: ce35b2dad10a0e6d5e016772efb75ad2
    SHA1: ac38173e753c499655ba566493e3c3ff71878d92
    SHA256: 31f933169e44b127e3f0a80077a088ed208c2504773a084bfca4de2f53b839c6
    SHA512: cdd97e8bbf568e9d6d6708bb427f3ce9d5433d320cd577e1e7bab1154c224efbb3960a24980ceec3e2bf471c72caf2309b13e7075c3216f6d43072d277a6642c

  • \Users\Admin\AppData\Local\Temp\is-E165F.tmp\_isetup\_iscrypt.dll
    Filesize: 2KB
    MD5: a69559718ab506675e907fe49deb71e9
    SHA1: bc8f404ffdb1960b50c12ff9413c893b56f2e36f
    SHA256: 2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc
    SHA512: e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

  • \Users\Admin\AppData\Local\Temp\is-E165F.tmp\_isetup\_shfoldr.dll
    Filesize: 22KB
    MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
    SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
    SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
    SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

  • \Users\Admin\AppData\Local\Temp\is-HRH6C.tmp\is-PO6GJ.tmp
    Filesize: 664KB
    MD5: ce35b2dad10a0e6d5e016772efb75ad2
    SHA1: ac38173e753c499655ba566493e3c3ff71878d92
    SHA256: 31f933169e44b127e3f0a80077a088ed208c2504773a084bfca4de2f53b839c6
    SHA512: cdd97e8bbf568e9d6d6708bb427f3ce9d5433d320cd577e1e7bab1154c224efbb3960a24980ceec3e2bf471c72caf2309b13e7075c3216f6d43072d277a6642c

  • memory/940-174-0x00000000001D0000-0x00000000001D1000-memory.dmp
    Filesize: 4KB
  • memory/940-242-0x0000000000400000-0x00000000004B5000-memory.dmp
    Filesize: 724KB
  • memory/1376-54-0x0000000000400000-0x0000000000418000-memory.dmp
    Filesize: 96KB
  • memory/1376-241-0x0000000000400000-0x0000000000418000-memory.dmp
    Filesize: 96KB