908d936dfcaead65c4e67d93d3e5d9f28ef4637c822132c1d8ee865dff9ff147

Analysis

max time kernel
122s
max time network
134s
platform
windows7_x64
resource
win7-20231025-en
resource tags

arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
submitted
30/10/2023, 23:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cloudinstaller.exe
Size

148.1MB
MD5

f5d600a7d609db799b6cf7f73b16a6ef
SHA1

86bff7148ff31d9de41aa0522a81b0b35e0bec3c
SHA256

908d936dfcaead65c4e67d93d3e5d9f28ef4637c822132c1d8ee865dff9ff147
SHA512

fdccace34dcc165811c3ae1fcac47606c26b67a0ad667d35deddb448ee65a4ae24c94159244e84f48f66c17c887a998ac4818e1d74b7003b59c890d4aa52ea5e
SSDEEP

786432:2pz24RRx7jChNQNt/ZYLy/pGyjpy5l7y953zQ3TtLwSTRpf4P1wT1XKTTmBEA/R:2Z2ExfWNQNt/ZLq+jRuBd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 3 IoCs

pid	Process
2124	cloudinstaller.exe
2124	cloudinstaller.exe
2124	cloudinstaller.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2124	cloudinstaller.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 304	2124	cloudinstaller.exe	30
PID 2124 wrote to memory of 304	2124	cloudinstaller.exe	30
PID 2124 wrote to memory of 304	2124	cloudinstaller.exe	30

C:\Users\Admin\AppData\Local\Temp\cloudinstaller.exe
"C:\Users\Admin\AppData\Local\Temp\cloudinstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 2124 -s 1540
  2⤵
  PID:304

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\.net\cloudinstaller\G1j7YMNsR8bHIjgrpIl7f66GN+OXfZ4=\D3DCompiler_47_cor3.dll

Filesize
4.7MB

MD5
ca68272d2c97f1e145f50b8cd1edf3a6

SHA1
83097400436f111c13ee34740e66b3de0542914b

SHA256
ff5dddae92b3798cc00c14a706ecb6329c27aa6d7bb6e82b393cf8b7366458ba

SHA512
ffc670aea4dad0113196d594c0fd07a838123e485ffebe3b728b8a18403b0bb82b042ccf23019c850a62466990b10a2e94102178326df735e4815dba7811d502

Download Submit
\Users\Admin\AppData\Local\Temp\.net\cloudinstaller\G1j7YMNsR8bHIjgrpIl7f66GN+OXfZ4=\PresentationNative_cor3.dll

Filesize
1.2MB

MD5
5a137f1c0db458b0e5bb642f5293d3e6

SHA1
6f66bf8ad1a930c7021a95025b81af6169508a08

SHA256
334a78b0e495b25b9b828216c4613a8a169129c583245da3c3b2b923d4e4c39b

SHA512
d645f9c57523296923e2753202dbcd2a09f75bf46ac9a5a5525182d1d90b6f2fb078789150f4aeeafca8717098670780cbdb1e81fdb7fdd32d5ad791a2cafc79

Download Submit
\Users\Admin\AppData\Local\Temp\.net\cloudinstaller\G1j7YMNsR8bHIjgrpIl7f66GN+OXfZ4=\wpfgfx_cor3.dll

Filesize
1.9MB

MD5
c8af68f307e0868e673d6e69924b3b81

SHA1
fbf565bdc0c1fe97b57690e3be751452d7e2fc56

SHA256
23db27f5a6d7b9993f3d5179e4021913cd977d810fbfd8c482f601aee9759e47

SHA512
cb4d21179504de09c62629a7b4cb23d4b771f477bf888927896abb143214451c4ad6210f2586a4e442b68eb39b9af7f42c916931849dd650044152ce7bf25720

Download Submit
memory/2124-45-0x0000000022980000-0x0000000022996000-memory.dmp

Filesize
88KB

Download
memory/2124-51-0x00000000229A0000-0x00000000229B8000-memory.dmp

Filesize
96KB

Download
memory/2124-18-0x0000000000760000-0x00000000007A4000-memory.dmp

Filesize
272KB

Download
memory/2124-21-0x0000000002160000-0x000000000219E000-memory.dmp

Filesize
248KB

Download
memory/2124-24-0x0000000024F70000-0x00000000257B3000-memory.dmp

Filesize
8.3MB

Download
memory/2124-27-0x0000000001E50000-0x0000000001ECF000-memory.dmp

Filesize
508KB

Download
memory/2124-30-0x00000000003C0000-0x00000000003CD000-memory.dmp

Filesize
52KB

Download
memory/2124-33-0x00000000021A0000-0x00000000021A5000-memory.dmp

Filesize
20KB

Download
memory/2124-36-0x00000000228A0000-0x00000000228B3000-memory.dmp

Filesize
76KB

Download
memory/2124-39-0x0000000002240000-0x0000000002247000-memory.dmp

Filesize
28KB

Download
memory/2124-42-0x0000000022880000-0x0000000022899000-memory.dmp

Filesize
100KB

Download
memory/2124-5-0x0000000180000000-0x0000000180A23000-memory.dmp

Filesize
10.1MB

Download
memory/2124-48-0x0000000022F40000-0x0000000022F80000-memory.dmp

Filesize
256KB

Download
memory/2124-15-0x0000000022DE0000-0x0000000022F3E000-memory.dmp

Filesize
1.4MB

Download
memory/2124-54-0x00000000229C0000-0x00000000229D2000-memory.dmp

Filesize
72KB

Download
memory/2124-12-0x0000000023010000-0x0000000023238000-memory.dmp

Filesize
2.2MB

Download
memory/2124-60-0x0000000023540000-0x0000000023634000-memory.dmp

Filesize
976KB

Download
memory/2124-66-0x0000000023440000-0x0000000023487000-memory.dmp

Filesize
284KB

Download
memory/2124-63-0x0000000022960000-0x0000000022968000-memory.dmp

Filesize
32KB

Download
memory/2124-69-0x0000000022FB0000-0x0000000022FDA000-memory.dmp

Filesize
168KB

Download
memory/2124-72-0x0000000025FF0000-0x000000002680C000-memory.dmp

Filesize
8.1MB

Download
memory/2124-8-0x0000000023FE0000-0x0000000024F66000-memory.dmp

Filesize
15.5MB

Download
memory/2124-9-0x000000013FFE0000-0x0000000140916000-memory.dmp

Filesize
9.2MB

Download
memory/2124-110-0x0000000023500000-0x000000002350A000-memory.dmp

Filesize
40KB

Download
memory/2124-129-0x000000013FFE0000-0x0000000140916000-memory.dmp

Filesize
9.2MB

Download
memory/2124-130-0x0000000023500000-0x000000002350A000-memory.dmp

Filesize
40KB

Download
memory/2124-161-0x000000013FFE0000-0x0000000140916000-memory.dmp

Filesize
9.2MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads