73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815

Analysis

max time kernel
128s
max time network
133s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
29-08-2023 05:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe
Size

3.0MB
MD5

072b9634bd04507e19444b0a467b4e9d
SHA1

4a3390606954222c249cea32509dab0248df7d6b
SHA256

73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815
SHA512

a38846f896b6f29b63f537a8d3ff3702e916e9271497f539ae223aafb34f9aacd2f353c0cf55e88187739a1af4a93226596d59c83ab9b9dcaac61b0ee0b444ca
SSDEEP

98304:wWhrPBfKES3mb7AS4p3eHqcvhK3vQHunf6eWzWl2FA:YX2b8pp3eKc6nfNoy

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
5000	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4176 wrote to memory of 5000	4176	73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe	70
PID 4176 wrote to memory of 5000	4176	73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe	70
PID 4176 wrote to memory of 5000	4176	73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe	70

C:\Users\Admin\AppData\Local\Temp\73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe
"C:\Users\Admin\AppData\Local\Temp\73109cfde4c76c8cbce68742337a52f869dbeeeb03a911541525988de6d2b815.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4176
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" MDQPmTQ.E -S
  2⤵
  - Loads dropped DLL
  PID:5000

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MDQPmTQ.E

Filesize
2.7MB

MD5
1f1e35f5dd1dbe86ccf41ea817a5eb89

SHA1
d6634161e53d54f46434c63625926d51d1c0997c

SHA256
d9851e4d750236ab8360ebd054367aecd7de812ce842068152bbef1b88239812

SHA512
4233e0005b8f03b0be5f449e724ef335d701b71fdfeaefe7f172329c80812ea137559bb5a61ec71b4345bbb160d242f6953c860a23b902146245bfd2fb9588aa

Download Submit
\Users\Admin\AppData\Local\Temp\mDQpmTQ.E

Filesize
2.7MB

MD5
1f1e35f5dd1dbe86ccf41ea817a5eb89

SHA1
d6634161e53d54f46434c63625926d51d1c0997c

SHA256
d9851e4d750236ab8360ebd054367aecd7de812ce842068152bbef1b88239812

SHA512
4233e0005b8f03b0be5f449e724ef335d701b71fdfeaefe7f172329c80812ea137559bb5a61ec71b4345bbb160d242f6953c860a23b902146245bfd2fb9588aa

Download Submit
memory/5000-4-0x0000000002DA0000-0x0000000002DA6000-memory.dmp

Filesize
24KB

Download
memory/5000-5-0x0000000000400000-0x00000000006A9000-memory.dmp

Filesize
2.7MB

Download
memory/5000-7-0x0000000004A70000-0x0000000004B82000-memory.dmp

Filesize
1.1MB

Download
memory/5000-8-0x0000000004B90000-0x0000000004C87000-memory.dmp

Filesize
988KB

Download
memory/5000-11-0x0000000004B90000-0x0000000004C87000-memory.dmp

Filesize
988KB

Download
memory/5000-12-0x0000000004B90000-0x0000000004C87000-memory.dmp

Filesize
988KB

Download