Overview

overview

10

Static

static

7

Clip1.exe

windows7-x64

10

Clip1.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    142s
  • max time network
    136s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-08-2023 20:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Clip1.exe

  • Size

    9.7MB

  • MD5

    26dbb8cdc46ecf186fe07605207bf622

  • SHA1

    916e3e9f55205fbd45ec1fbb47db370d4f668d18

  • SHA256

    badf6c49e41bef9c00e665b7273b2e8d712abb6e463e451c39d33494eb02bd98

  • SHA512

    f20a3f64747f61b4b8aebc04309ebd2b6490ec0c8d0d4a974a2ccbe730ec89681e1bfcf80c054efd6e49cc1931feac31859a3c0a3795c6ae7c8a90a0d1e7743f

  • SSDEEP

    98304:zvw0Hotqx1pWuJ56DdIPqDyj/pCu03o8I6v+5/QGJbY9YAq+6FLiX:zY0Hotqx1EA56hLnr48IH/HK186

Score
7/10
themida

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Themida packer 18 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Clip1.exe
    "C:\Users\Admin\AppData\Local\Temp\Clip1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1504
    • C:\Windows\System32\schtasks.exe
      "C:\Windows\System32\schtasks.exe" /CREATE /TN "EdgeUpdater-Task" /TR "C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe" /SC MINUTE
      2⤵
      • Creates scheduled task(s)
      PID:2672
  • C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
    C:\ProgramData\\MicrosoftEdgeTasker\edgeTaskUpdater.exe
    1⤵
    • Executes dropped EXE
    PID:1688

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
    Filesize

    771.9MB

    MD5

    a451d05838d41d0dd50a941454c52acb

    SHA1

    f36bb03865537983f48d1026788a8de4d875c36e

    SHA256

    9010780fb908e47c11413d4c4f2e8c9cae07df6c0d32550761f055adf411fc2a

    SHA512

    c6576dd524b4b0f8bc233ed15d8ed6a6335c27d61e77755de02abecdfa1f42a3fd04ace38d2af0511977eae7d633b6fd39db46fc9a2608a9f232cabd3f259f48

    Download Submit

  • C:\ProgramData\MicrosoftEdgeTasker\edgeTaskUpdater.exe
    Filesize

    771.2MB

    MD5

    b900f0524a68313b957133ef8dfceece

    SHA1

    7bec47fc0259b41ed61dacc1114f55400377cd55

    SHA256

    49600244f1035c190d73e719b9fb0feb87f989c50efb70496320220e64fa83f3

    SHA512

    1fec0938787873b8d1a70f161dbf2d8a07c2993435dbdda41c2b0096e5aad17201693a4b46cc7c333b9d818909709b1e9a6b281bd081c1afb358bc6101e444fb

    Download Submit

  • memory/1504-1-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-2-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-3-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-4-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-7-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-9-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1504-0-0x00007FF786F20000-0x00007FF7878DB000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-11-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-13-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-15-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-17-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-19-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-20-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-21-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-22-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download

  • memory/1688-23-0x00007FF6EA850000-0x00007FF6EB20B000-memory.dmp

    Filesize

    9.7MB

    Download