616ca5c757a9fcf6dce88d1e46e85b233ad05457ae6adfce1b6b53660d496841

Analysis

max time kernel
140s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
04-09-2023 06:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RFQ____RM quotation_JPEG IMAGE.exe
Size

766KB
MD5

eb411026d449c29c6a36ba1f1546400f
SHA1

f3730d1d04eb2a844a86d5cef3237c190ff3c9ec
SHA256

616ca5c757a9fcf6dce88d1e46e85b233ad05457ae6adfce1b6b53660d496841
SHA512

0d0fb20c7a507e0fb1a08960f778d7d0171a6f5df28ea740bdc554e01f508556b1af179d16a9570c04995009742b9a4b85bca42ea405b61ec59366ee241c5e7b
SSDEEP

12288:FmgxxY1guFc/DcbDbFlDSQ5KclNpesz5O+q2oZo+p0On9N6:sqQguFBbfFl+QocHxXoZoU05

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2088	RFQ____RM quotation_JPEG IMAGE.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\kanylens.ini	RFQ____RM quotation_JPEG IMAGE.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\Cerebellopontine\Ciconian172\hiccoughes\skyrens.ros	RFQ____RM quotation_JPEG IMAGE.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\resources\0409\Hemagogic47.cis	RFQ____RM quotation_JPEG IMAGE.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\RFQ____RM quotation_JPEG IMAGE.exe
"C:\Users\Admin\AppData\Local\Temp\RFQ____RM quotation_JPEG IMAGE.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
PID:2088

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
25B

MD5
0482c7ed975650aff1ffb3a55e03c686

SHA1
bc37a0726a5c8735aa40df511ca5c70fe819d76b

SHA256
e8b2464d60c2649c1ff8693749d16d4344a1e79f46ccf8299d4275ada039844e

SHA512
4be451f9aab2c1ec3976a73b499cc599678f77499f71bc45139fcc670c597d563f5f41b2051c3a151c9e4f132958a46b1f0dc472bae599c0f8799ab1277154bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
31B

MD5
c8d65efab867582b18372a4c569af26f

SHA1
c32e12a52d02d37ec227a6dfc0cfacc319b42071

SHA256
aa37eb51b2315acca862b59cbee4f7631b423e302091e872e8c4e80139d274e8

SHA512
fbdc529d2461405076f1737f838c5c07809008d9fff2923a752239ee950c7042a0bd0690c8eec4e47199c7b6f57fdabce6fdb294454cc85c43cb9f5ae36516db

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
43B

MD5
8afa4e5565789eba3068d29dfeece176

SHA1
887c2d8ef6d3c18c675f18ad9d5a1a9f27eafdb3

SHA256
232051b2a33cd608a375d3d886a6d7de49b59782971b074a492deacd9c595f54

SHA512
eab19293edb4e1d5aefa4239f71e13a13b2249457a0574f7115719d51bb58cbc6a528189bd8c2b15b04342ea99f6b16e953414970d7cafa6db3f8923fda1f2a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
57B

MD5
0cbf4df086fa27b94408d32a8c0a54af

SHA1
fd16599284aea5c16a25a2a5f18e8a6cae2c6f33

SHA256
f5a8567794eed98eac146d376f072dce4e476d2e4c9cffb447d4778d45143218

SHA512
d72672622b63ab0a8a4db3628e2079aa2b96b111c536f4f230bd8876762afeeb3efd18e136702a47a7766e23a0766ff0928966ab5a172f4f0b6e71f11d18d745

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
52B

MD5
dab397d5d03e64f198ac4b90449026b8

SHA1
0453a489949ce13d37175b82aafb885e25fe20e2

SHA256
84cf8b2faa9ff06ed11ecd234ec51105b585836c93f8d9b6fd969d2a3555b69b

SHA512
b8562c387554324164ae4f08aed4e0902285e717ac357134b8ec53b443a6538d3069ac6983eb11115f5ff9139acba98f86a423a614ce7bb91008cf709be2b972

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
64B

MD5
1533b455a8571c337a9589b7823c82a3

SHA1
da40c1221debab35fd38f6620e88e3b655557a7f

SHA256
a20e749da256fe29770abdab2ab18905bfcac6551dffe8e55dff750e96e39b14

SHA512
fd50f70e7cecd1acd2dd6231776b685492405991a482528f243dd50bd25efcb796083036eeb449c372a17c436faa15a19aa7c890cf708faeb4b51a1c0099536f

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
53B

MD5
28fdab14f67793c4ac099a8eca615795

SHA1
8a171819f1473e779dee0804116f78d6fba0b10d

SHA256
6ac30e053739b9cf92b9572c36adcf31b8ea006495492c9ad6a92331e98076e6

SHA512
265281f42f2601cdc67cbf57d317961b5453a8117d91c710467cf977c9825d82d11fdfe362186b0458027c3d23ab5a51677bd1b201cc1b77c06a64209485b259

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
63B

MD5
a2642c9695170d3735642930b67b52e1

SHA1
36fceeb5b26f476c2ddfe681e25791abb4f863de

SHA256
ef403355afbfc79e1a80874901d39a20f3b3779b28f8fc7fd1ad19fa7e3b34a5

SHA512
d789818d19b4d2ddcc7fb9fad5dbbab0049edcdc97486cb4dec09e239cb052469b8b157bef767216deb96e6db1940ea4932cc829ffe66a2a51e30851d141230a

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
73B

MD5
d05af0eec0dd58eafef5a1092fb3ec3e

SHA1
35fed573a5961a4964d6e1080809f407c0bcb0a9

SHA256
5e033b4366689766d7a31d29ac7d539233c47594fe1cfaeecaf716a21881dd51

SHA512
fc743781872a9c117fc239275c3eb963b2d92ceae66386da8cfca842732310201f2aca530e0837333a8c4baee24015b01397a5479c20fbcb1729f8205f7e7fdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
70B

MD5
36933b3add1e313f3266e7eec5b46b21

SHA1
8cf085b0cf6c523607d7c43f56446cd1848c105f

SHA256
e8e4dd493f1089ff86e7f0d30f5601dba335f86a7b543e25367a1e321de87867

SHA512
e9eeb2c5d5108ad6209b7f626169d94694b29fe8c01f6b01c6a01522de81b895a56c5a89429aba80414573f1c6cf9fbaf9c7e0284151294ada67f262faa0b101

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
87B

MD5
b7e314f1cefb6998a5e7f4ca7b26145d

SHA1
d026c979b278c2cc3d080422510c46fa92e2deb5

SHA256
2cf999fb20f51160c5ac5fb18e371e48ca7ceb7dc539983565e739d5756caae2

SHA512
07a109e7c6b4e695d821433d56f9bc2fbb463e6395c7000701b701f3ac9d51cabf0af1bd5a302ed6318abac8d26dbf5887e2dcacddc00ac22f4deba313730f50

Download Submit
C:\Users\Admin\AppData\Local\Temp\assda.ini

Filesize
55B

MD5
a030b3a54a3d8d112386508a0f8e7e74

SHA1
ee1f0e4e14fd1130281f832b6e263b383c7b104b

SHA256
b2093f478e5f2eef56ca88245f9dea93d1b3b6bed60b5450bf1f216320633c41

SHA512
21d9aa39b468c38511d5c161f9ccf9d0fd523ad00f359179ecb78e42d4e7fde47a7ff08afe4f0859e57fca1b157b3b7ad575365e547f4ef99170b86440d1c4d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsjDCD4.tmp\System.dll

Filesize
11KB

MD5
0063d48afe5a0cdc02833145667b6641

SHA1
e7eb614805d183ecb1127c62decb1a6be1b4f7a8

SHA256
ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7

SHA512
71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0

Download Submit
C:\Windows\SysWOW64\kanylens.ini

Filesize
31B

MD5
22a71b3abbd8df7577278937b6dbabd0

SHA1
6b1121e9f9ada2b527f4069eecbb183a285aaeaf

SHA256
cf7c3380cfe6fb7418f04416062bc8f6d3fddc417fd904efc83604ee38b5bc55

SHA512
c70fb00cffd6ef43ba26ef563dbd6320aa8d6944ee03cb447bdfafcf5d8b84e0f0c264906ba37314e7ae34f25f63bc824814ac51fda332e893c4c647f5114038

Download Submit
memory/2088-16598-0x0000000005240000-0x0000000007ED2000-memory.dmp

Filesize
44.6MB

Download
memory/2088-16599-0x0000000005240000-0x0000000007ED2000-memory.dmp

Filesize
44.6MB

Download