9535a9bb1ae8f620d7cbd7d9f5c20336b0fd2c78d1a7d892d76e4652dd8b2be7

Analysis

max time kernel
143s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
01-08-2023 20:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Turlabghdbgibgh2_browsingExe.exe
Size

191KB
MD5

bc76bd7b332aa8f6aedbb8e11b7ba9b6
SHA1

c6858031315a50ec87e37966291ec69b64600efb
SHA256

9535a9bb1ae8f620d7cbd7d9f5c20336b0fd2c78d1a7d892d76e4652dd8b2be7
SHA512

c74a8a893d0d91ef9423c75c14e701102f01d46b4638d7e3184c95bfd4ff29f9cab71fe5de45e8e201dcdb8df77e952a18e32bfed5014b9c8155c189825f37e9
SSDEEP

3072:ugXdZt9P6D3XJ3TCM/vosUE2L/TLqtAyD2XXhtksIae31fXJHhKgzyJtdeV:ue34p/vr6yrC2sJe35ZBKg0dW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4816	Sahofivizu.exe

Loads dropped DLL 7 IoCs

pid	Process
4816	Sahofivizu.exe
4816	Sahofivizu.exe
4816	Sahofivizu.exe
4816	Sahofivizu.exe
4816	Sahofivizu.exe
4816	Sahofivizu.exe
4816	Sahofivizu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5052	4816	WerFault.exe	86

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3616 wrote to memory of 4816	3616	Turlabghdbgibgh2_browsingExe.exe	86
PID 3616 wrote to memory of 4816	3616	Turlabghdbgibgh2_browsingExe.exe	86
PID 3616 wrote to memory of 4816	3616	Turlabghdbgibgh2_browsingExe.exe	86

C:\Users\Admin\AppData\Local\Temp\Turlabghdbgibgh2_browsingExe.exe
"C:\Users\Admin\AppData\Local\Temp\Turlabghdbgibgh2_browsingExe.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Users\Admin\AppData\Local\Temp\Sahofivizu.exe
  "C:\Users\Admin\AppData\Local\Temp\Sahofivizu.exe" "C:\Users\Admin\AppData\Local\Temp\Turlabghdbgibgh2_browsingExe.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4816
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 268
    3⤵
    - Program crash
    PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 360 -p 4816 -ip 4816
1⤵
PID:1380

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Gozekeneka.dll

Filesize
4KB

MD5
7ac02e7e2c7ec30bfc8c946d12df26a0

SHA1
079ff9dbfc5af1d4dc569203847f50a8b30b5056

SHA256
71cfbe0622aea1248eff7ca09095493b3d47df40e0936493b098d770551213f3

SHA512
dac09e5ca0bda7a9094a34f17b6606767b4a1e308148bfc1ac7e1c0aa55404c4aa50366c8f5f9bc2d225be88d9290ccb7f55aecf71cb400528538367a2e2ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gozekeneka.dll

Filesize
4KB

MD5
7ac02e7e2c7ec30bfc8c946d12df26a0

SHA1
079ff9dbfc5af1d4dc569203847f50a8b30b5056

SHA256
71cfbe0622aea1248eff7ca09095493b3d47df40e0936493b098d770551213f3

SHA512
dac09e5ca0bda7a9094a34f17b6606767b4a1e308148bfc1ac7e1c0aa55404c4aa50366c8f5f9bc2d225be88d9290ccb7f55aecf71cb400528538367a2e2ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Gozekeneka.dll

Filesize
4KB

MD5
7ac02e7e2c7ec30bfc8c946d12df26a0

SHA1
079ff9dbfc5af1d4dc569203847f50a8b30b5056

SHA256
71cfbe0622aea1248eff7ca09095493b3d47df40e0936493b098d770551213f3

SHA512
dac09e5ca0bda7a9094a34f17b6606767b4a1e308148bfc1ac7e1c0aa55404c4aa50366c8f5f9bc2d225be88d9290ccb7f55aecf71cb400528538367a2e2ca3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sahofivizu.exe

Filesize
20KB

MD5
7fe00cc4ea8429629ac0ac610db51993

SHA1
5b2b4bf75ef99d03d3ea3a778e0bd0b124c5e70b

SHA256
9827e20ffed86c23dd493845f03a9041977c5cf0e5da14edfeb7edadfaa34508

SHA512
f1e919c53e6829447f03aafedfc0128cec4f03c21cc127a26c9cb336d42debf94703c9939976ee9b74f629c6713cb571f178d500503be88e8a2d770aa2843bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sahofivizu.exe

Filesize
20KB

MD5
7fe00cc4ea8429629ac0ac610db51993

SHA1
5b2b4bf75ef99d03d3ea3a778e0bd0b124c5e70b

SHA256
9827e20ffed86c23dd493845f03a9041977c5cf0e5da14edfeb7edadfaa34508

SHA512
f1e919c53e6829447f03aafedfc0128cec4f03c21cc127a26c9cb336d42debf94703c9939976ee9b74f629c6713cb571f178d500503be88e8a2d770aa2843bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sahofivizu.exe

Filesize
20KB

MD5
7fe00cc4ea8429629ac0ac610db51993

SHA1
5b2b4bf75ef99d03d3ea3a778e0bd0b124c5e70b

SHA256
9827e20ffed86c23dd493845f03a9041977c5cf0e5da14edfeb7edadfaa34508

SHA512
f1e919c53e6829447f03aafedfc0128cec4f03c21cc127a26c9cb336d42debf94703c9939976ee9b74f629c6713cb571f178d500503be88e8a2d770aa2843bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Yumicebivud.rih

Filesize
128KB

MD5
0f12b3226fe28398608e4f48b3fafca2

SHA1
38b5bfd50df9775c8ed379a0fa5f43979411e252

SHA256
7637e855c4f59ddfe01c9857fbdff59036177bc1b439b4b0a24e14bc2e3e509a

SHA512
089dbff0bfb72f3925e67055d45d357602d999afaf7e82238af18a2d3c86c9b1c37672c049e14939b3e414b11875dd70ef31f72d29b3ada68d826081b5c347af

Download Submit
C:\Users\Admin\AppData\Local\Temp\Zojemilocan.dll

Filesize
3KB

MD5
3ed0f4b16841ccf3c6d613e77bcef3cd

SHA1
751e4846db47ccf5f94db4ca198e96e77a7032e7

SHA256
a9b7526fe7c988f2219fa3b726dc2f771de38c31593c3b8dad3ac06e60135ac3

SHA512
6d44120d28ab5ca8164423c428eddbf488c605a56f20794bb96618e8539aa50f9a24b9fd48e58001ceb95ec7932dc96bc48cb3f9c732fa0481f76c81f91cffcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Zojemilocan.dll

Filesize
3KB

MD5
3ed0f4b16841ccf3c6d613e77bcef3cd

SHA1
751e4846db47ccf5f94db4ca198e96e77a7032e7

SHA256
a9b7526fe7c988f2219fa3b726dc2f771de38c31593c3b8dad3ac06e60135ac3

SHA512
6d44120d28ab5ca8164423c428eddbf488c605a56f20794bb96618e8539aa50f9a24b9fd48e58001ceb95ec7932dc96bc48cb3f9c732fa0481f76c81f91cffcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Zojemilocan.dll

Filesize
3KB

MD5
3ed0f4b16841ccf3c6d613e77bcef3cd

SHA1
751e4846db47ccf5f94db4ca198e96e77a7032e7

SHA256
a9b7526fe7c988f2219fa3b726dc2f771de38c31593c3b8dad3ac06e60135ac3

SHA512
6d44120d28ab5ca8164423c428eddbf488c605a56f20794bb96618e8539aa50f9a24b9fd48e58001ceb95ec7932dc96bc48cb3f9c732fa0481f76c81f91cffcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\natigezeholi.dll

Filesize
17KB

MD5
f0c82ee96b56bf20d2b1ce93f7c0f941

SHA1
432b3e4b9a1362d267630655dd44fee58c49a2f0

SHA256
e6e1fa7a937c3cfa383c7a5cc5d1723e551a8af62a03c7d8af46504384d7993d

SHA512
0a342a87300c8be6e1558a2729418a286f2770ae51960083289b25055659f27b3cc8870636660eca67cc0c0a88d4e416b48b8abfa0b709d434a953d6e59220d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\natigezeholi.dll

Filesize
17KB

MD5
f0c82ee96b56bf20d2b1ce93f7c0f941

SHA1
432b3e4b9a1362d267630655dd44fee58c49a2f0

SHA256
e6e1fa7a937c3cfa383c7a5cc5d1723e551a8af62a03c7d8af46504384d7993d

SHA512
0a342a87300c8be6e1558a2729418a286f2770ae51960083289b25055659f27b3cc8870636660eca67cc0c0a88d4e416b48b8abfa0b709d434a953d6e59220d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\xuxokuxoka.dll

Filesize
4KB

MD5
81f429115e1afd4a95da0a8a73e4acd1

SHA1
520f4618a20e20e2acc2382af16ca244fe42b97e

SHA256
29d1ac834edb48c1a75c90cf896ef27a53366bfecdee7d65ddbb6621dc540200

SHA512
350994db9c153e5ce2dd62d3c759378e0cd091f8fbd67e6d555ff34266c4bb5097fb376dc007d89eedf939da05bdbffe00ef2a9a8ea2c0048c309702d1163619

Download Submit
C:\Users\Admin\AppData\Local\Temp\xuxokuxoka.dll

Filesize
4KB

MD5
81f429115e1afd4a95da0a8a73e4acd1

SHA1
520f4618a20e20e2acc2382af16ca244fe42b97e

SHA256
29d1ac834edb48c1a75c90cf896ef27a53366bfecdee7d65ddbb6621dc540200

SHA512
350994db9c153e5ce2dd62d3c759378e0cd091f8fbd67e6d555ff34266c4bb5097fb376dc007d89eedf939da05bdbffe00ef2a9a8ea2c0048c309702d1163619

Download Submit
C:\Users\Admin\AppData\Local\Temp\xuxokuxoka.dll

Filesize
4KB

MD5
81f429115e1afd4a95da0a8a73e4acd1

SHA1
520f4618a20e20e2acc2382af16ca244fe42b97e

SHA256
29d1ac834edb48c1a75c90cf896ef27a53366bfecdee7d65ddbb6621dc540200

SHA512
350994db9c153e5ce2dd62d3c759378e0cd091f8fbd67e6d555ff34266c4bb5097fb376dc007d89eedf939da05bdbffe00ef2a9a8ea2c0048c309702d1163619

Download Submit