75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed

Analysis

max time kernel
124s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
24/08/2023, 18:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe
Size

2.3MB
MD5

e3c56d663fe6e288160876c14b3d48d6
SHA1

a5c59ffdc1d20925936597475e82277265317707
SHA256

75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed
SHA512

ebb0040c35ddba19b59b2ae825cd54a9e1e65ee70e420c23d4737982eb8c4c34b54f60d4e4d31159eead329b585cbe80e6d6b2e5e462b233f19e679d6fbe79ce
SSDEEP

49152:mDkUrjAAFCxf5C+N8rHe+wcIE95wrDrHWBzxH9q2WJalDrKyk7g:m4UgAELPo++dlHwb2hxHISN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
4532	regsvr32.exe
4532	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 4532	3604	75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe	70
PID 3604 wrote to memory of 4532	3604	75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe	70
PID 3604 wrote to memory of 4532	3604	75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe	70

C:\Users\Admin\AppData\Local\Temp\75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe
"C:\Users\Admin\AppData\Local\Temp\75f90e90f424140270bbe04a5312136f36350729ab164e35c2287f6bdac710ed.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /u PHPG.BWY /s
  2⤵
  - Loads dropped DLL
  PID:4532

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\PHPG.BWY

Filesize
2.3MB

MD5
a7f0eb40ad6e0845f0e175771f118543

SHA1
84344443a10018c7eb5e520d07250f2ec1d3b48b

SHA256
2a2396b662795a4933c443622cd7c2e2b4966e46bee93cc61d18b404c70750b3

SHA512
b1b72903b34458070a328c7c7c947835ecced80a70523dc1954c9f611cd1a2cee5f3ae6752c48338ae6e3dd090224d056f390a068f2ead320f2b9eb5940a760a

Download Submit
\Users\Admin\AppData\Local\Temp\PHpg.BwY

Filesize
2.3MB

MD5
a7f0eb40ad6e0845f0e175771f118543

SHA1
84344443a10018c7eb5e520d07250f2ec1d3b48b

SHA256
2a2396b662795a4933c443622cd7c2e2b4966e46bee93cc61d18b404c70750b3

SHA512
b1b72903b34458070a328c7c7c947835ecced80a70523dc1954c9f611cd1a2cee5f3ae6752c48338ae6e3dd090224d056f390a068f2ead320f2b9eb5940a760a

Download Submit
\Users\Admin\AppData\Local\Temp\PHpg.BwY

Filesize
2.3MB

MD5
a7f0eb40ad6e0845f0e175771f118543

SHA1
84344443a10018c7eb5e520d07250f2ec1d3b48b

SHA256
2a2396b662795a4933c443622cd7c2e2b4966e46bee93cc61d18b404c70750b3

SHA512
b1b72903b34458070a328c7c7c947835ecced80a70523dc1954c9f611cd1a2cee5f3ae6752c48338ae6e3dd090224d056f390a068f2ead320f2b9eb5940a760a

Download Submit
memory/4532-7-0x0000000004190000-0x00000000043E3000-memory.dmp

Filesize
2.3MB

Download
memory/4532-8-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download
memory/4532-9-0x0000000004190000-0x00000000043E3000-memory.dmp

Filesize
2.3MB

Download
memory/4532-11-0x0000000000BE0000-0x0000000000CF2000-memory.dmp

Filesize
1.1MB

Download
memory/4532-12-0x00000000045F0000-0x00000000046E8000-memory.dmp

Filesize
992KB

Download
memory/4532-15-0x00000000045F0000-0x00000000046E8000-memory.dmp

Filesize
992KB

Download
memory/4532-16-0x00000000045F0000-0x00000000046E8000-memory.dmp

Filesize
992KB

Download