a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
06/08/2023, 15:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe
Size

2.5MB
MD5

db18446589050fb81f61007720c9629c
SHA1

7e7ecb371472a7b955c8c1dd6597fe90f044fc52
SHA256

a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac
SHA512

0421eb866330fb24665737f69613e7aa260d022eb4c9a9eed4b0e6918ce782dcdd3a0b9b137e3c1a7552d53f46019f8da928794c5ed0bf77e56753ac87107cff
SSDEEP

49152:qDkUjjPBay2Sz/+AZS+GlwBNF4nDnHcUKU9CE4MSwelknWoDWs+OYWJhjS:q4UUyvz2iXKONFgDn8Ud44BWois+ZWTO

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
3932	regsvr32.exe
3932	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2672 wrote to memory of 3932	2672	a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe	82
PID 2672 wrote to memory of 3932	2672	a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe	82
PID 2672 wrote to memory of 3932	2672	a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe	82

C:\Users\Admin\AppData\Local\Temp\a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe
"C:\Users\Admin\AppData\Local\Temp\a16acfc43f93a5668e0d4fdfc43f71e3ad6ff65e93578da62c544994ae1bb0ac.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2672
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" -S .\P5EH.n -u
  2⤵
  - Loads dropped DLL
  PID:3932

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\P5EH.n

Filesize
2.3MB

MD5
4ea53704905b5ed7470c8ea49021541e

SHA1
666d658c2b25abfe4e2efe8ee2da75ce5e6ddfa4

SHA256
70d8c8df4a7b98ebc3c8047ed7fa9b13e1a2538c8e7e026d070794e6e6f4a499

SHA512
b422ae1639fd2d1bd1dd08372a2c9cc1c19091b7abcde001536c04bb8e99787a725672499ee4a53092d1545e42a4a9c18f422a190f3e5a9f4e0fa714ce985996

Download Submit
C:\Users\Admin\AppData\Local\Temp\p5eh.n

Filesize
2.3MB

MD5
4ea53704905b5ed7470c8ea49021541e

SHA1
666d658c2b25abfe4e2efe8ee2da75ce5e6ddfa4

SHA256
70d8c8df4a7b98ebc3c8047ed7fa9b13e1a2538c8e7e026d070794e6e6f4a499

SHA512
b422ae1639fd2d1bd1dd08372a2c9cc1c19091b7abcde001536c04bb8e99787a725672499ee4a53092d1545e42a4a9c18f422a190f3e5a9f4e0fa714ce985996

Download Submit
C:\Users\Admin\AppData\Local\Temp\p5eh.n

Filesize
2.3MB

MD5
4ea53704905b5ed7470c8ea49021541e

SHA1
666d658c2b25abfe4e2efe8ee2da75ce5e6ddfa4

SHA256
70d8c8df4a7b98ebc3c8047ed7fa9b13e1a2538c8e7e026d070794e6e6f4a499

SHA512
b422ae1639fd2d1bd1dd08372a2c9cc1c19091b7abcde001536c04bb8e99787a725672499ee4a53092d1545e42a4a9c18f422a190f3e5a9f4e0fa714ce985996

Download Submit
memory/3932-138-0x0000000002850000-0x0000000002A9D000-memory.dmp

Filesize
2.3MB

Download
memory/3932-139-0x0000000000DA0000-0x0000000000DA6000-memory.dmp

Filesize
24KB

Download
memory/3932-140-0x0000000002850000-0x0000000002A9D000-memory.dmp

Filesize
2.3MB

Download
memory/3932-142-0x0000000002CD0000-0x0000000002DD1000-memory.dmp

Filesize
1.0MB

Download
memory/3932-143-0x0000000002DE0000-0x0000000002EC9000-memory.dmp

Filesize
932KB

Download
memory/3932-144-0x0000000002DE0000-0x0000000002EC9000-memory.dmp

Filesize
932KB

Download
memory/3932-146-0x0000000002DE0000-0x0000000002EC9000-memory.dmp

Filesize
932KB

Download
memory/3932-147-0x0000000002DE0000-0x0000000002EC9000-memory.dmp

Filesize
932KB

Download