d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775

Analysis

max time kernel
128s
max time network
136s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
26/08/2023, 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe
Size

2.3MB
MD5

cec2e523d79866391798370468c97699
SHA1

e506b8147b5743a4e51efc6f89f0e658fc253539
SHA256

d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775
SHA512

90121702773da534f01e5e8bfa9cd69272bfba774046ad9ddadd5e955ac4218ea28c80d29bd4744cee5bdb88c810a38066c1cf4b94a68d9ca5fd5a9868ed450e
SSDEEP

49152:qDkUjjzRMZ5VvX+7qgb/WOesianiCwAxi5rVkgk7r:q4U7YHOm8+rjCTibTgr

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
372	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1544 wrote to memory of 372	1544	d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe	70
PID 1544 wrote to memory of 372	1544	d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe	70
PID 1544 wrote to memory of 372	1544	d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe	70

C:\Users\Admin\AppData\Local\Temp\d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe
"C:\Users\Admin\AppData\Local\Temp\d955ccc698e423adf506b35fac6c24fec60df7ae30e2595c813a37a8ac981775.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1544
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /s T_RCdfTN.kX
  2⤵
  - Loads dropped DLL
  PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\T_RCdfTN.kX

Filesize
2.3MB

MD5
8de82f199bdf0573f4e661a83e15cc02

SHA1
d717482e1ab432be459d005b12890b927125d91f

SHA256
d1808aac8cdd7edd4c0df8029509ad3e89f376b6fb9ca7a3b7ce6bb90dcd6e0b

SHA512
48ce3199d7f71e8e56ab8965da721a4b29e7108057a898a86b44f4521f44b465be687a2d0c38a8b1eea7c225f86f464750692d8f1cc2bee3dd9f5d09cf3b0fd3

Download Submit
\Users\Admin\AppData\Local\Temp\T_RcdfTN.kX

Filesize
2.3MB

MD5
8de82f199bdf0573f4e661a83e15cc02

SHA1
d717482e1ab432be459d005b12890b927125d91f

SHA256
d1808aac8cdd7edd4c0df8029509ad3e89f376b6fb9ca7a3b7ce6bb90dcd6e0b

SHA512
48ce3199d7f71e8e56ab8965da721a4b29e7108057a898a86b44f4521f44b465be687a2d0c38a8b1eea7c225f86f464750692d8f1cc2bee3dd9f5d09cf3b0fd3

Download Submit
memory/372-7-0x0000000000400000-0x000000000064C000-memory.dmp

Filesize
2.3MB

Download
memory/372-6-0x0000000002FF0000-0x0000000002FF6000-memory.dmp

Filesize
24KB

Download
memory/372-9-0x00000000050F0000-0x00000000051ED000-memory.dmp

Filesize
1012KB

Download
memory/372-10-0x0000000004CC0000-0x0000000004DA5000-memory.dmp

Filesize
916KB

Download
memory/372-13-0x0000000004CC0000-0x0000000004DA5000-memory.dmp

Filesize
916KB

Download
memory/372-14-0x0000000004CC0000-0x0000000004DA5000-memory.dmp

Filesize
916KB

Download