8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc

Analysis

max time kernel
123s
max time network
127s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
08/10/2023, 19:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
Size

3.7MB
MD5

78c06f2e23c52b74dfa00ae61db422a4
SHA1

2915b97fab1d3e6f82c5a211f7835594b47da511
SHA256

8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc
SHA512

14be373cd5feb17f1cbab9c8c8007eaacc36cefe97c99bb8f48bc450f38f9773f57538a6be661f97b31f22a2f2d8cd68106f8e4b841bf2bec184625734c441e0
SSDEEP

98304:2nDWxBb/ollOz3GlePnpG4AZDc5uZVIdJiYs0ARZjM:2K7y8z3Gle/pNoc5M2KM

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2996	Launcher.exe

Loads dropped DLL 2 IoCs

pid	Process
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30
PID 2900 wrote to memory of 2996	2900	8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe	30

C:\Users\Admin\AppData\Local\Temp\8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe
"C:\Users\Admin\AppData\Local\Temp\8e430961795a517ff5d9dc96e10a38d43de9559ba67ada4ad803964864576dcc.exe"
1⤵
- Loads dropped DLL
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2900
- C:\Users\Admin\AppData\Local\Temp\Launcher.exe
  Launcher.exe
  2⤵
  - Executes dropped EXE
  PID:2996

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Launcher.exe

Filesize
608KB

MD5
9c2832e4425d98fd969403ec1e9d4d22

SHA1
417f5952b48abfffc37975e6b3c5746a7739fa3f

SHA256
fa73240d3570c721c33094eba0132d63cd44b7b1d7b364bf5d7f6e0423c945ac

SHA512
cd5623cf00eb3430f91e3f4ce2f699fe9310e2a7679da7c97c06163972e3e06231ae21a0e0d07d2aef19bf4cbab6faaf231c78485447150bdbff3ad7613151b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Launcher.exe

Filesize
608KB

MD5
9c2832e4425d98fd969403ec1e9d4d22

SHA1
417f5952b48abfffc37975e6b3c5746a7739fa3f

SHA256
fa73240d3570c721c33094eba0132d63cd44b7b1d7b364bf5d7f6e0423c945ac

SHA512
cd5623cf00eb3430f91e3f4ce2f699fe9310e2a7679da7c97c06163972e3e06231ae21a0e0d07d2aef19bf4cbab6faaf231c78485447150bdbff3ad7613151b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Launcher.exe

Filesize
608KB

MD5
9c2832e4425d98fd969403ec1e9d4d22

SHA1
417f5952b48abfffc37975e6b3c5746a7739fa3f

SHA256
fa73240d3570c721c33094eba0132d63cd44b7b1d7b364bf5d7f6e0423c945ac

SHA512
cd5623cf00eb3430f91e3f4ce2f699fe9310e2a7679da7c97c06163972e3e06231ae21a0e0d07d2aef19bf4cbab6faaf231c78485447150bdbff3ad7613151b9

Download Submit
\Users\Admin\AppData\Local\Temp\Launcher.exe

Filesize
608KB

MD5
9c2832e4425d98fd969403ec1e9d4d22

SHA1
417f5952b48abfffc37975e6b3c5746a7739fa3f

SHA256
fa73240d3570c721c33094eba0132d63cd44b7b1d7b364bf5d7f6e0423c945ac

SHA512
cd5623cf00eb3430f91e3f4ce2f699fe9310e2a7679da7c97c06163972e3e06231ae21a0e0d07d2aef19bf4cbab6faaf231c78485447150bdbff3ad7613151b9

Download Submit
\Users\Admin\AppData\Local\Temp\Launcher.exe

Filesize
608KB

MD5
9c2832e4425d98fd969403ec1e9d4d22

SHA1
417f5952b48abfffc37975e6b3c5746a7739fa3f

SHA256
fa73240d3570c721c33094eba0132d63cd44b7b1d7b364bf5d7f6e0423c945ac

SHA512
cd5623cf00eb3430f91e3f4ce2f699fe9310e2a7679da7c97c06163972e3e06231ae21a0e0d07d2aef19bf4cbab6faaf231c78485447150bdbff3ad7613151b9

Download Submit
memory/2900-850-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-856-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-820-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-822-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-824-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-826-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-830-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-828-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-832-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-834-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-836-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-838-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-840-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-842-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-844-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-846-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-848-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-0-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/2900-852-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-854-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-858-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-818-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-860-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-862-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-864-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-868-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-866-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-870-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-872-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-2547-0x0000000002410000-0x0000000002591000-memory.dmp

Filesize
1.5MB

Download
memory/2900-8686-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-8693-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/2900-816-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-8697-0x0000000002BE0000-0x0000000002C7B000-memory.dmp

Filesize
620KB

Download
memory/2900-814-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-8702-0x0000000002BE0000-0x0000000002C7B000-memory.dmp

Filesize
620KB

Download
memory/2900-811-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-8708-0x0000000000400000-0x0000000000882000-memory.dmp

Filesize
4.5MB

Download
memory/2900-812-0x00000000025A0000-0x00000000026B1000-memory.dmp

Filesize
1.1MB

Download
memory/2900-1-0x0000000077500000-0x0000000077547000-memory.dmp

Filesize
284KB

Download
memory/2996-8706-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download
memory/2996-8705-0x0000000000400000-0x000000000049B000-memory.dmp

Filesize
620KB

Download