Overview

overview

10

Static

static

10

17ffd90d20...e1.dll

windows7-x64

1

1caf510598...e1.exe

windows7-x64

10

1d88c47417...67.exe

windows7-x64

1

1ecb597741...af.exe

windows7-x64

2a5fe7d49f...b5.exe

windows7-x64

1

2c1aa4fa14...dc.exe

windows7-x64

8

34d62f47e1...6e.exe

windows7-x64

3

38f1b8c868...05.exe

windows7-x64

10

40d8e3dae5...04.exe

windows7-x64

10

410ee08c8a...59.exe

windows7-x64

6

423b7b37b1...42.exe

windows7-x64

1

4315b6e87c...0b.exe

windows7-x64

7

453c6fe9e1...91.exe

windows7-x64

1

4a841216cb...37.exe

windows7-x64

1

4e180437ef...a9.exe

windows7-x64

1

4fb989bc0f...00.exe

windows7-x64

10

55bdc39b0b...70.exe

windows7-x64

10

5a1b6ba55f...c3.exe

windows7-x64

1

5f056a4a7a...4c.exe

windows7-x64

7

6709db0a92...53.exe

windows7-x64

9

69add888bc...df.exe

windows7-x64

7

6af766a07c...20.exe

windows7-x64

10

719a339594...44.exe

windows7-x64

7

71a20e2700...db.exe

windows7-x64

1

7acc03a357...fd.exe

windows7-x64

7

7bd3e8a108...5f.exe

windows7-x64

1

8034ef305b...74.exe

windows7-x64

1

88be20529e...cb.exe

windows7-x64

8e6c6b616e...19.exe

windows7-x64

7

907c21dd04...b0.exe

windows7-x64

7

9b1d7a498b...21.exe

windows7-x64

7

9b7e5d2fdc...8b.exe

windows7-x64

7

Resubmissions

07-09-2023 14:45

230907-r45fysaf5s 10

07-09-2023 14:12

230907-rjbyxaad5s 10

Analysis

  • max time kernel
    142s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    07-09-2023 14:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc.exe

  • Size

    620KB

  • MD5

    5376a226b33db36b51bf85b910071031

  • SHA1

    ee89a2daf45bda00154a181b0713d351a19b6e00

  • SHA256

    2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc

  • SHA512

    38fae7a2ef4ba9d8633dd6898f525a6d4ef91813700eb5b95a4e13dfe6caea8d291eedfd092916a50b401cb9bef24adb2a2878b327a4f00c0590d09948483083

  • SSDEEP

    12288:wUA9qXSileJnwNoFp1ayIfKIemXyYL1LyV/G/0HCO3ZaqEmhENt:wVoXcw2FpZ+9egiU0iofEmG/

Score
8/10

Malware Config

Signatures

  • Drops file in Drivers directory 1 IoCs
  • Drops startup file 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc.exe
    "C:\Users\Admin\AppData\Local\Temp\2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in System32 directory
    • Suspicious use of WriteProcessMemory
    PID:1756
    • C:\Windows\SysWOW64\vvuacult.exe
      C:\Windows\System32\vvuacult.exe
      2⤵
      • Drops file in Drivers directory
      • Drops startup file
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2828
      • C:\Windows\SysWOW64\cmd.exe
        cmd.exe + command.com /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /f /v SaveZoneInformation /t reg_dword /d 1
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2472
        • C:\Windows\SysWOW64\reg.exe
          reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments" /f /v SaveZoneInformation /t reg_dword /d 1
          4⤵
            PID:2500
        • C:\Windows\SysWOW64\cmd.exe
          cmd.exe + command.com /c reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f /v LowRiskFileTypes /t reg_sz /d ".exe;"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:2600
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations" /f /v LowRiskFileTypes /t reg_sz /d ".exe;"
            4⤵
              PID:2464

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\MsnMsg.eXe
        Filesize

        620KB

        MD5

        5376a226b33db36b51bf85b910071031

        SHA1

        ee89a2daf45bda00154a181b0713d351a19b6e00

        SHA256

        2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc

        SHA512

        38fae7a2ef4ba9d8633dd6898f525a6d4ef91813700eb5b95a4e13dfe6caea8d291eedfd092916a50b401cb9bef24adb2a2878b327a4f00c0590d09948483083

        Download Submit

      • C:\Windows\SysWOW64\vvuacult.exe
        Filesize

        185KB

        MD5

        a74dd1e24d9f1af96bebd38246d1160e

        SHA1

        87f5af52c0ae4f5f70597c579d3f31374c6b870c

        SHA256

        04e8f6883c5638e91ff588124890dff639bd7b790c601ae25dae87fec7e958df

        SHA512

        d4bc70b162c39e1bb70100600d61a72daaff7a49f0a9a2c3784767d963f5e3ff951ed2a0c9ae78ba4a7181da07391f15fd704ca455e76e10a136ca51b46fbf93

        Download Submit

      • \Windows\SysWOW64\MsnMsg.eXe
        Filesize

        620KB

        MD5

        5376a226b33db36b51bf85b910071031

        SHA1

        ee89a2daf45bda00154a181b0713d351a19b6e00

        SHA256

        2c1aa4fa14d7055f2239dbb29ab15089cb2752e9f94ec7a360d275dd607314dc

        SHA512

        38fae7a2ef4ba9d8633dd6898f525a6d4ef91813700eb5b95a4e13dfe6caea8d291eedfd092916a50b401cb9bef24adb2a2878b327a4f00c0590d09948483083

        Download Submit

      • \Windows\SysWOW64\vvuacult.exe
        Filesize

        185KB

        MD5

        a74dd1e24d9f1af96bebd38246d1160e

        SHA1

        87f5af52c0ae4f5f70597c579d3f31374c6b870c

        SHA256

        04e8f6883c5638e91ff588124890dff639bd7b790c601ae25dae87fec7e958df

        SHA512

        d4bc70b162c39e1bb70100600d61a72daaff7a49f0a9a2c3784767d963f5e3ff951ed2a0c9ae78ba4a7181da07391f15fd704ca455e76e10a136ca51b46fbf93

        Download Submit

      • memory/1756-0-0x0000000000230000-0x0000000000231000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1756-1-0x0000000000400000-0x00000000004A2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/1756-2-0x0000000000230000-0x0000000000231000-memory.dmp

        Filesize

        4KB

        Download

      • memory/1756-21-0x0000000000400000-0x00000000004A2000-memory.dmp

        Filesize

        648KB

        Download

      • memory/2828-22-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download