33c8ee21fb63ede72a217351f7faf1fa81f731dbe8fe46f3e9c9a6dbb6d7a365

Analysis

max time kernel
3s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11/07/2023, 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ea81027eff6d450cb0dbf54052b4408c.exe
Size

2.4MB
MD5

ea81027eff6d450cb0dbf54052b4408c
SHA1

d37c7c31a144f2f00ba1534e08d6dbe608c6d067
SHA256

33c8ee21fb63ede72a217351f7faf1fa81f731dbe8fe46f3e9c9a6dbb6d7a365
SHA512

a18a950e1d79828708fe6d95e37e65ac4b85fe9c3f82ae3228560f96e2964685c11e3a073082784c90f2f01a23a588c9ef4ee3fa020e02c561c7fbd459601b40
SSDEEP

49152:p7SSsBt/DJkmkLbZnXZT3I8DzhtMbbFvQeQl/mlp0SonvNPGhGv:agNnpDIezbObti/mPh8NPGhGv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3060	ssf.exe

Loads dropped DLL 2 IoCs

pid	Process
2184	ea81027eff6d450cb0dbf54052b4408c.exe
2184	ea81027eff6d450cb0dbf54052b4408c.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2184 wrote to memory of 3060	2184	ea81027eff6d450cb0dbf54052b4408c.exe	29
PID 2184 wrote to memory of 3060	2184	ea81027eff6d450cb0dbf54052b4408c.exe	29
PID 2184 wrote to memory of 3060	2184	ea81027eff6d450cb0dbf54052b4408c.exe	29

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\ea81027eff6d450cb0dbf54052b4408c.exe
"C:\Users\Admin\AppData\Local\Temp\ea81027eff6d450cb0dbf54052b4408c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2184
- \??\c:\programdata\ssf.exe
  "c:\programdata\ssf.exe"
  2⤵
  - Executes dropped EXE
  PID:3060

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\ssf.exe

Filesize
1.9MB

MD5
8564d4b711688d4bc2f39863be02faf1

SHA1
42ee249810035432ea818f75f2e02195dd6e98d8

SHA256
0ddc72a9ee4831b93e2075a5d3a4ea81ac47bdf49fb350c3f60cc0ca59f9301b

SHA512
7c12fc112e0e340c52373a42b51136b84888dd5bd67ccdff7edebf7a4d10fb075591c5b723bf0a6ad95a5ca6bf45a832d865d2cf4ea88091647b38e660443776

Download Submit
\ProgramData\ssf.exe

Filesize
1.9MB

MD5
8564d4b711688d4bc2f39863be02faf1

SHA1
42ee249810035432ea818f75f2e02195dd6e98d8

SHA256
0ddc72a9ee4831b93e2075a5d3a4ea81ac47bdf49fb350c3f60cc0ca59f9301b

SHA512
7c12fc112e0e340c52373a42b51136b84888dd5bd67ccdff7edebf7a4d10fb075591c5b723bf0a6ad95a5ca6bf45a832d865d2cf4ea88091647b38e660443776

Download Submit
\ProgramData\ssf.exe

Filesize
1.9MB

MD5
8564d4b711688d4bc2f39863be02faf1

SHA1
42ee249810035432ea818f75f2e02195dd6e98d8

SHA256
0ddc72a9ee4831b93e2075a5d3a4ea81ac47bdf49fb350c3f60cc0ca59f9301b

SHA512
7c12fc112e0e340c52373a42b51136b84888dd5bd67ccdff7edebf7a4d10fb075591c5b723bf0a6ad95a5ca6bf45a832d865d2cf4ea88091647b38e660443776

Download Submit