0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd

Analysis

max time kernel
97s
max time network
104s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
27-08-2023 02:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe
Size

2.7MB
MD5

7bf26b14a428c2d90934f004c4476fb9
SHA1

141afa9564aa35a9f8617c26e90ab8c640af286c
SHA256

0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd
SHA512

35b612b38920918ebafcaff68870eebcb8c423d3c33508fa1fdf090acb37b28394cd16ba9239c29d051d52e3dbbfb000dd7094556d8d2eb0a0e31288ce3d9f64
SSDEEP

49152:qDkUjj2/AYh8op0OtD3qO0HSWlBgbzkAW5mrXeiruL9AnG9AejFy/:q4UsAYeu0QDKyWlBgbIAW0ruRvFY

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
788	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 788	4560	0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe	70
PID 4560 wrote to memory of 788	4560	0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe	70
PID 4560 wrote to memory of 788	4560	0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe	70

C:\Users\Admin\AppData\Local\Temp\0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe
"C:\Users\Admin\AppData\Local\Temp\0b7314b0bad9cdee09767ed3d4ac19bdcbb4a064bf6f8f6e01a5c119b4839bdd.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" Ti~N2N.IB -U /S
  2⤵
  - Loads dropped DLL
  PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Ti~N2N.IB

Filesize
2.6MB

MD5
e6218bdf25e21ff48f66d283e229b5b3

SHA1
7da740a44abfb81f43be2d7b18f6062481bf31c8

SHA256
aa6c2b6710be3ba86eea07083bdcce5f3d5a869403f25fb3c7a6f8b12ce45b43

SHA512
7653cc51eeb5d31802f1f3e9e51abf2dafd9c83bdfbcde4d4c3a2bfa9f70c059ddf13c1aed4a28b3ec44c9dca4d99761c36a230c0830be931f551f08e27a095b

Download Submit
\Users\Admin\AppData\Local\Temp\Ti~N2N.IB

Filesize
2.6MB

MD5
e6218bdf25e21ff48f66d283e229b5b3

SHA1
7da740a44abfb81f43be2d7b18f6062481bf31c8

SHA256
aa6c2b6710be3ba86eea07083bdcce5f3d5a869403f25fb3c7a6f8b12ce45b43

SHA512
7653cc51eeb5d31802f1f3e9e51abf2dafd9c83bdfbcde4d4c3a2bfa9f70c059ddf13c1aed4a28b3ec44c9dca4d99761c36a230c0830be931f551f08e27a095b

Download Submit
memory/788-6-0x0000000002D80000-0x0000000002D86000-memory.dmp

Filesize
24KB

Download
memory/788-7-0x0000000000400000-0x000000000068D000-memory.dmp

Filesize
2.6MB

Download
memory/788-11-0x0000000004BB0000-0x0000000004CC4000-memory.dmp

Filesize
1.1MB

Download
memory/788-12-0x0000000004CD0000-0x0000000004DC9000-memory.dmp

Filesize
996KB

Download
memory/788-15-0x0000000004CD0000-0x0000000004DC9000-memory.dmp

Filesize
996KB

Download
memory/788-16-0x0000000004CD0000-0x0000000004DC9000-memory.dmp

Filesize
996KB

Download