d7425397ee4909caaf7ef37d780ce64280b861f192eb58a9f02c54631a2456cb

Analysis

max time kernel
22s
max time network
23s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
06/10/2023, 17:25

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

chirp-daily-20200622-installer.exe
Size

11.7MB
MD5

e3d6802d9a570c6ec4eaa859d62703bb
SHA1

73a6196d1eaf717b5773b8896d2d6825f3e4600a
SHA256

d7425397ee4909caaf7ef37d780ce64280b861f192eb58a9f02c54631a2456cb
SHA512

9d4cf7ac7c98f9316e47a2f3911f5ca5b052ccfd79db1ec31cd3a9b4d6deb06120d276964390b4b259e9a0be7b5a3261fe989b2f108e7c4b7539cc64c7224432
SSDEEP

196608:mh3yF4AxU0N6GQRzW7rRpEBu9wFedRIlQcZsewYH9t/NdEeKxc38MgkKxA46JZKV:03a4B+6GQ47rRpEB1QTyTJPs0gw40KV

Score

7^/10

discovery

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2160	chirp-daily-20200622-installer.exe
2160	chirp-daily-20200622-installer.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\CHIRP\win32gui.pyd	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\pkgconfig\gail.pc	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\gdk-pixbuf-query-loaders.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcInitReinitialize.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcStrSetEqual.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\fc-match.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcNameGetConstant.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcPatternDel.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcStrDirname.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\gobject-2.0.def	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\zdll.lib	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcPatternFilter.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcStrSetDestroy.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\stock_configs\US FRS and GMRS Channels.csv	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\COPYING	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\pkgconfig\gdk-win32-2.0.pc	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcCharSetNew.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcConfigGetConfigDirs.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcInitBringUptoDate.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcLangSetCompare.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcLangSetEqual.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\libcairo.dll.a	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\gtk-2.0\demo\alphatest.png	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\gtk-2.0\demo\spinner.c	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\gettext.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\stock_configs\UK Business Radio Simple Light Frequencies.csv	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\aclocal\libxml.m4	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\gobject-query.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcFontSetMatch.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\libxmlmods.libxsltmod.pyd	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\gthread-2.0.lib	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\locale\it\LC_MESSAGES\CHIRP.mo	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcFontList.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcValuePrint.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\pkgconfig\gdk-2.0.pc	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcCharSetUnion.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcDirCacheUnload.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\libpangoft2-1.0-0.dll	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\etc\pango\pango.aliases	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcNameParse.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\gtk-2.0\demo\gnome-gimp.png	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcGetVersion.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcMatrixRotate.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\unicodedata.pyd	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcBlanksAdd.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcNameUnregisterConstants.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\libgdk-win32-2.0.dll.a	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcFontSetDestroy.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcConfigReference.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcStrListNext.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\dcgettext.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\dngettext.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\gdk-win32-2.0.lib	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\libpango-1.0.dll.a	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\gsettings.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcCharSetDestroy.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcConfigGetCache.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcFontSetSort.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\etc\bash_completion.d\gdbus-bash-completion.sh	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\lib\pkgconfig\gio-2.0.pc	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcAtomicLock.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man1\ngettext.1	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcCharSetEqual.3	chirp-daily-20200622-installer.exe
File created	C:\Program Files (x86)\CHIRP\share\man\man3\FcDirSave.3	chirp-daily-20200622-installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

C:\Users\Admin\AppData\Local\Temp\chirp-daily-20200622-installer.exe
"C:\Users\Admin\AppData\Local\Temp\chirp-daily-20200622-installer.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2160

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0
1⤵
PID:1888

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x1
1⤵
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsoA1FB.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoA1FB.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoA1FB.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA1FB.tmp\System.dll

Filesize
11KB

MD5
c17103ae9072a06da581dec998343fc1

SHA1
b72148c6bdfaada8b8c3f950e610ee7cf1da1f8d

SHA256
dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f

SHA512
d32a71aaef18e993f28096d536e41c4d016850721b31171513ce28bbd805a54fd290b7c3e9d935f72e676a1acfb4f0dcc89d95040a0dd29f2b6975855c18986f

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA1FB.tmp\nsDialogs.dll

Filesize
9KB

MD5
c10e04dd4ad4277d5adc951bb331c777

SHA1
b1e30808198a3ae6d6d1cca62df8893dc2a7ad43

SHA256
e31ad6c6e82e603378cb6b80e67d0e0dcd9cf384e1199ac5a65cb4935680021a

SHA512
853a5564bf751d40484ea482444c6958457cb4a17fb973cf870f03f201b8b2643be41bccde00f6b2026dc0c3d113e6481b0dc4c7b0f3ae7966d38c92c6b5862e

Download Submit
memory/1460-525-0x00000000026E0000-0x00000000026E1000-memory.dmp

Filesize
4KB

Download
memory/1888-524-0x00000000029C0000-0x00000000029C1000-memory.dmp

Filesize
4KB

Download