c9d475d146a04f730cbd437a3e544f59539c67c0907ed050d5440eb1c0154a32

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
18/07/2023, 16:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c51866d585cd53_JC.exe
Size

15.5MB
MD5

c51866d585cd53bf068762f3090b244b
SHA1

5e14dd217c96d13c8a8a31ac07a2ecc220f15a05
SHA256

c9d475d146a04f730cbd437a3e544f59539c67c0907ed050d5440eb1c0154a32
SHA512

3a7697c690b6414b330bff020890e8059eabac07173f67ab4cdc5c2db778b894c227bc0c3c759b8fd1a4b790597bcfd1c5e1a3ccbbeddd80324d70bf6bc9d6e7
SSDEEP

393216:gUhIiCAJXAJEat0LBPAxuYE+SRKAWggQOtTcHVmzXibFTC3:gU2JEOIBPUn9ScAWgQT7XmFTC3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1824	Ldx.Exe

Loads dropped DLL 4 IoCs

pid	Process
2292	c51866d585cd53_JC.exe
2292	c51866d585cd53_JC.exe
2292	c51866d585cd53_JC.exe
2292	c51866d585cd53_JC.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2292	c51866d585cd53_JC.exe
2292	c51866d585cd53_JC.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 1824	2292	c51866d585cd53_JC.exe	28
PID 2292 wrote to memory of 1824	2292	c51866d585cd53_JC.exe	28
PID 2292 wrote to memory of 1824	2292	c51866d585cd53_JC.exe	28
PID 2292 wrote to memory of 1824	2292	c51866d585cd53_JC.exe	28

C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe
"C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.Exe
  "C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.Exe" -srcfile "C:\Users\Admin\AppData\Local\Temp\c51866d585cd53_JC.exe"
  2⤵
  - Executes dropped EXE
  PID:1824

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\LdCab.exe

Filesize
339KB

MD5
20679f9b1377cc7cf9f41369e6085948

SHA1
9bd8861694812e51103c3202860d02985c766b73

SHA256
54d4ad5be72ef82cd1dbaae6b1c1a66af77a886ff6d25c0870b8a7f3690cce32

SHA512
68ee5f869cd6450bc98806f7b91279c0331860a474738e3972ad7bfac8597a33d77fb3a3e4dffbd6291017ce11160392e39bd072913d37f736132688a35f8e57

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
C:\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
\Users\Admin\AppData\Local\Temp\@tiprayldx@\79ed033f89359babdc220549b69d0771\Ldx.exe

Filesize
1.1MB

MD5
f352ecc0d75237693091afa03bb99c14

SHA1
905c918ce031af10b9397868da477edb881d884b

SHA256
bf4bf5514dc8a633271fd284cbb2d15086e919b85a4ae114fcf9ea6ba168fc8d

SHA512
56aede7dfcf7a1e9748d6787f65e2ee5ecee645b0d58e18fe5ad1214e94e67fef6ab2564dbd73a8bf3be0a0307a3518507c00c22d4c14b2868251f167bc66da4

Download Submit
memory/1824-275-0x0000000000400000-0x000000000051F000-memory.dmp

Filesize
1.1MB

Download