bd61f9c97ebaf0bfba6518b135afcffb2a4a39486d1ea9f3b7acb89e4e524af2

Analysis

max time kernel
30s
max time network
34s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
08/07/2023, 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a2a67a3e5771aexeexeexeex.exe
Size

4.4MB
MD5

8a2a67a3e5771a8dbd7984ae88e41608
SHA1

732eca26b1e398cf531c5c4aa9e0c3feac09a25c
SHA256

bd61f9c97ebaf0bfba6518b135afcffb2a4a39486d1ea9f3b7acb89e4e524af2
SHA512

ecf53bc2cce00c10aedb94ec1d2b8d23b2f915c35265f14707b192321e538b67dbb3148434e0f1c364aac204e30035e4f51f98cbf7a0906901161596b2250fb8
SSDEEP

98304:ymY+5/pjcv38VmLLWPk7nYDeNjZlXCGFk+nFbj+Y/WFqbOH:ymY+Rp4EViYkjYDeNVll2me/H

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2244	launch_.exe

Loads dropped DLL 2 IoCs

pid	Process
2132	8a2a67a3e5771aexeexeexeex.exe
2244	launch_.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2244	launch_.exe
2244	launch_.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2964	AUDIODG.EXE
Token: 33	2964	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2964	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2132	8a2a67a3e5771aexeexeexeex.exe
2244	launch_.exe
2244	launch_.exe
2244	launch_.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29
PID 2132 wrote to memory of 2244	2132	8a2a67a3e5771aexeexeexeex.exe	29

C:\Users\Admin\AppData\Local\Temp\8a2a67a3e5771aexeexeexeex.exe
"C:\Users\Admin\AppData\Local\Temp\8a2a67a3e5771aexeexeexeex.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2132
- C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe
  "C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\8a2a67a3e5771aexeexeexeex.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2244

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5a4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2964

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Icon.ico

Filesize
14KB

MD5
e08c9eb2a8bb5390d6ef717f49cd1b3c

SHA1
b91c4674b4e72c2083a9d7f1782254ab22430abb

SHA256
db43ec5600f9f79390c7611d70849c7f670257ee852e75530f0862b213e63dfb

SHA512
fdc02ec12e72839a930b51e285f1ebc8e95a4e0611488b8ac003137d304d0c19e0a20153ae776c9bc684cda68f24f05ca86725623b911a2f72ba593c65779891

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Icons\Icon.ico

Filesize
14KB

MD5
e08c9eb2a8bb5390d6ef717f49cd1b3c

SHA1
b91c4674b4e72c2083a9d7f1782254ab22430abb

SHA256
db43ec5600f9f79390c7611d70849c7f670257ee852e75530f0862b213e63dfb

SHA512
fdc02ec12e72839a930b51e285f1ebc8e95a4e0611488b8ac003137d304d0c19e0a20153ae776c9bc684cda68f24f05ca86725623b911a2f72ba593c65779891

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Images\TM2_R2PLauncher.jpg

Filesize
111KB

MD5
aaa7d3439043a5499d9286afec312365

SHA1
0bbfef7a66b6c497331c812967d5891aea6962a5

SHA256
2900110bf4de2c2cdcd3c8673735a67b9016d799d64c7fd6883826723d04cddc

SHA512
1ac566becf6762a517d6e7636b5e1483c0d9c2c1922b0f8624f12335060f40fe11acfbc76b156ab42c3536cffe35ae448df70ff1990745fb7eb91736414853bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\Images\ger.jpg

Filesize
1KB

MD5
0865edc79be2e94ee8e45d3de2123812

SHA1
a567e82b67250413ad01bce57a5364d07f6454f0

SHA256
782a4e49b1cb0242f4de756124ef6d80789d3289b858cc6430cdf1036794b64b

SHA512
9a501d2ecb5e3398088a8550f0841ece60d3ddc2570c13dadd208eea8acd3670a00604c6f2d1a7993adad66b7813715aab18f7d88afc8e68afdb44ee58cfbbc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\Launcher\launch_.dll

Filesize
1.1MB

MD5
e1325ff186e46300a33cdd565a0c2ba9

SHA1
dca04cf5c1b4bd262935eb4fb9dac2687ecde78d

SHA256
39b1a5cdfe7760e2f99b2591e56f9ad330f33c069eb294159191f99bf26eac62

SHA512
133077aed97fffff4634aaadd7bca0808181d4dcbb144b9c45f39920b3ef13ccf9589feaf3136577110301febd56b42c74a1ebe58090fd19aed96e7db227cd31

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe

Filesize
5.0MB

MD5
ec891c754be678aff41a32d5a633921d

SHA1
6160c67421798db6f39db64eb44d46a780673886

SHA256
ad7bebd597faafc72922de08263271edff8db17b193684464e8f091e80970e6a

SHA512
9a824e53f11f5f8b87fab0e458c1a671b8663eb94cf11483a6e4c84d8f06f0387cbac96e706e6c35751918c6a8acd789e6562fc7b0daa568e6149e41a9d59cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe

Filesize
5.0MB

MD5
ec891c754be678aff41a32d5a633921d

SHA1
6160c67421798db6f39db64eb44d46a780673886

SHA256
ad7bebd597faafc72922de08263271edff8db17b193684464e8f091e80970e6a

SHA512
9a824e53f11f5f8b87fab0e458c1a671b8663eb94cf11483a6e4c84d8f06f0387cbac96e706e6c35751918c6a8acd789e6562fc7b0daa568e6149e41a9d59cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe

Filesize
5.0MB

MD5
ec891c754be678aff41a32d5a633921d

SHA1
6160c67421798db6f39db64eb44d46a780673886

SHA256
ad7bebd597faafc72922de08263271edff8db17b193684464e8f091e80970e6a

SHA512
9a824e53f11f5f8b87fab0e458c1a671b8663eb94cf11483a6e4c84d8f06f0387cbac96e706e6c35751918c6a8acd789e6562fc7b0daa568e6149e41a9d59cae

Download Submit
C:\Users\Admin\AppData\Local\Temp\launch_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit
\Users\Admin\AppData\Local\Temp\launch_temp_0\launch_.exe

Filesize
5.0MB

MD5
ec891c754be678aff41a32d5a633921d

SHA1
6160c67421798db6f39db64eb44d46a780673886

SHA256
ad7bebd597faafc72922de08263271edff8db17b193684464e8f091e80970e6a

SHA512
9a824e53f11f5f8b87fab0e458c1a671b8663eb94cf11483a6e4c84d8f06f0387cbac96e706e6c35751918c6a8acd789e6562fc7b0daa568e6149e41a9d59cae

Download Submit
\Users\Admin\AppData\Local\Temp\launch_temp_0\lua5.1.dll

Filesize
327KB

MD5
50f1d9f2093914c7712068608f3d66f2

SHA1
c38c655526b9ba929f01259cd35abb65744448f0

SHA256
ebeb211dfe4fce993d63206b2e3f284b569274db4730a8ee341ee81eccac9a5f

SHA512
07841d260770288f34b3e6413f6044742d82794d0812d9d58ebb2b881f935ee7661c94acddcf3a25817a98168789de0e0e0a98baaddbac2ec097a3efdd22c9ac

Download Submit