d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd

Analysis

max time kernel
128s
max time network
135s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
26/08/2023, 15:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe
Size

2.3MB
MD5

b24229251e6ea9362022bb215ea968be
SHA1

65f002afb6017a5305a5f5dd8364e1c1ff11b685
SHA256

d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd
SHA512

94f629cdf47a7db3a395df51114ad63c082319ff5b4a29b39197ea9d9d54dc47fcce3f569f5a2990b743b35f42845a367b6174f6fd95b6afe34d3253d58802a2
SSDEEP

49152:acbz6nUk0B+D2wdFQNBbm8WOk9765d5zP/kXKEmeD3NBFAwgClQ8dLw4H:acberNDT/QNBDmEd5+KEmerNBFhTlPLp

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
1196	regsvr32.exe
1196	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 1196	1856	d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe	70
PID 1856 wrote to memory of 1196	1856	d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe	70
PID 1856 wrote to memory of 1196	1856	d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe	70

C:\Users\Admin\AppData\Local\Temp\d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe
"C:\Users\Admin\AppData\Local\Temp\d0c2c29a2113f2e09a4438f422ff70372f7dd20a2c5cbebed645a70c64bf54cd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" 1IILL.HpN -U /s
  2⤵
  - Loads dropped DLL
  PID:1196

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\1IILL.HpN

Filesize
2.3MB

MD5
5330f1bd0d281a768ce404ebe765f1e6

SHA1
9bf31a96303a5bc781453c9ac903b7f2ea3fee5b

SHA256
ed95f2eee219688371fd55174774c32caba856204d1699d5f9851a5b5833e7f0

SHA512
70c0e50305d286b6284246717bca6fbef3e56a1f57a406c17e649ca1c4fb8149e5c4e91f81dbac937d9b5f182b3c22879af94df56780e6c884380c59ad7c9037

Download Submit
\Users\Admin\AppData\Local\Temp\1IIll.Hpn

Filesize
2.3MB

MD5
5330f1bd0d281a768ce404ebe765f1e6

SHA1
9bf31a96303a5bc781453c9ac903b7f2ea3fee5b

SHA256
ed95f2eee219688371fd55174774c32caba856204d1699d5f9851a5b5833e7f0

SHA512
70c0e50305d286b6284246717bca6fbef3e56a1f57a406c17e649ca1c4fb8149e5c4e91f81dbac937d9b5f182b3c22879af94df56780e6c884380c59ad7c9037

Download Submit
\Users\Admin\AppData\Local\Temp\1IIll.Hpn

Filesize
2.3MB

MD5
5330f1bd0d281a768ce404ebe765f1e6

SHA1
9bf31a96303a5bc781453c9ac903b7f2ea3fee5b

SHA256
ed95f2eee219688371fd55174774c32caba856204d1699d5f9851a5b5833e7f0

SHA512
70c0e50305d286b6284246717bca6fbef3e56a1f57a406c17e649ca1c4fb8149e5c4e91f81dbac937d9b5f182b3c22879af94df56780e6c884380c59ad7c9037

Download Submit
memory/1196-7-0x00000000042D0000-0x000000000451C000-memory.dmp

Filesize
2.3MB

Download
memory/1196-8-0x0000000002AA0000-0x0000000002AA6000-memory.dmp

Filesize
24KB

Download
memory/1196-9-0x00000000042D0000-0x000000000451C000-memory.dmp

Filesize
2.3MB

Download
memory/1196-11-0x0000000004850000-0x000000000494D000-memory.dmp

Filesize
1012KB

Download
memory/1196-12-0x0000000004950000-0x0000000004A35000-memory.dmp

Filesize
916KB

Download
memory/1196-15-0x0000000004950000-0x0000000004A35000-memory.dmp

Filesize
916KB

Download
memory/1196-16-0x0000000004950000-0x0000000004A35000-memory.dmp

Filesize
916KB

Download