37e0f2e46ec0016445466c8e47a3df315727c1327b0dcb58e854368070bfe22e

Analysis

max time kernel
151s
max time network
129s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
15/10/2023, 19:40

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

840a64d149364d136947636f1a2c10c0_exe32.exe
Size

245KB
MD5

840a64d149364d136947636f1a2c10c0
SHA1

fd7e9b9de888c5b01232be37219d12b134d7e1d5
SHA256

37e0f2e46ec0016445466c8e47a3df315727c1327b0dcb58e854368070bfe22e
SHA512

18fdd733723bbbd0228da6424cbda9118062a5c45f9b46e17cafc72ee4b174131bf1ac8c5a397f7ebd266b1efe156a36f284ce3ca88d3a08797b717bb926e5f5
SSDEEP

6144:Ik/pC6zDdHmYWyEHV1pGsGf9QRBP5NPZKC:jnDdHmYyo2PNb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2288	8E1C.tmp

Loads dropped DLL 2 IoCs

pid	Process
2064	840a64d149364d136947636f1a2c10c0_exe32.exe
2064	840a64d149364d136947636f1a2c10c0_exe32.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\vdk150.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FDATE.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\atl.dll	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\cryptocme2.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\DBGHELP.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DW\DW20.EXE	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEEXCL.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\WTSP61MS.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA7\VBE7.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSO.DLL	8E1C.tmp
File opened for modification	C:\Program Files\7-Zip\7zCon.sfx	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeLinguistic.dll	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AdobeUpdater.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Annots.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\ReadOutLoud.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\SPPlugins\ADMPlugin.apl	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACER3X.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Portal\PortalConnectCore.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\MSCONV97.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VC\msdia90.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\EQUATION\EQNEDT32.EXE	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\GRPHFLT\GIFIMP32.FLT	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\hxds.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Csi.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXPSRV.DLL	8E1C.tmp
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice_installer.exe	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\LogTransport2.exe	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\Real.mpp	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Updater6\AdobeUpdaterInstallMgr.exe	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEXBE.DLL	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Onix32.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\SendMail.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Multimedia\MPP\MCIMPP.mpp	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FBIBLIO.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\LICLUA.EXE	8E1C.tmp
File opened for modification	C:\Program Files\7-Zip\7z.sfx	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AXSLE.dll	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\JP2KLib.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\sqlite.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\PPKLite.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins3d\drvDX9.x3d	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACETXT.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Help\msitss55.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Acrofx32.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\EXP_PDF.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\OSETUP.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\MSB1STAR.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEES.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEREP.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\ACE.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Accessibility.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Search5.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\Spelling.api	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\DESIGNER\MSADDNDR.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\USP10.DLL	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\WPFT532.CNV	8E1C.tmp
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\logsession.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll	8E1C.tmp
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\ACEEXCH.DLL	8E1C.tmp

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2064 wrote to memory of 2288	2064	840a64d149364d136947636f1a2c10c0_exe32.exe	28
PID 2064 wrote to memory of 2288	2064	840a64d149364d136947636f1a2c10c0_exe32.exe	28
PID 2064 wrote to memory of 2288	2064	840a64d149364d136947636f1a2c10c0_exe32.exe	28
PID 2064 wrote to memory of 2288	2064	840a64d149364d136947636f1a2c10c0_exe32.exe	28

C:\Users\Admin\AppData\Local\Temp\840a64d149364d136947636f1a2c10c0_exe32.exe
"C:\Users\Admin\AppData\Local\Temp\840a64d149364d136947636f1a2c10c0_exe32.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2064
- C:\Users\Admin\AppData\Local\Temp\8E1C.tmp
  C:\Users\Admin\AppData\Local\Temp\8E1C.tmp
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\8E1C.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
C:\Users\Admin\AppData\Local\Temp\8E1C.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
C:\Users\Admin\AppData\Local\Temp\8E1C.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
\Users\Admin\AppData\Local\Temp\8E1C.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
\Users\Admin\AppData\Local\Temp\8E1C.tmp

Filesize
145KB

MD5
c610e7ccd6859872c585b2a85d7dc992

SHA1
362b3d4b72e3add687c209c79b500b7c6a246d46

SHA256
14063fc61dc71b9881d75e93a587c27a6daf8779ff5255a24a042beace541041

SHA512
8570aad2ae8b5dcba00fc5ebf3dc0ea117e96cc88a83febd820c5811bf617a6431c1367b3eb88332f43f80b30ebe2c298c22dcc44860a075f7b41bf350236666

Download Submit
memory/2064-1-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2064-2-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2064-0-0x0000000000220000-0x0000000000257000-memory.dmp

Filesize
220KB

Download
memory/2064-17-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads