2c848761a6f0a696ea850d8937382e5782c097927ab86419eaff41f1a4b87dbd

Resubmissions

06/11/2023, 18:02

231106-wmftgscg5t 7

Analysis

max time kernel
31s
max time network
20s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
06/11/2023, 18:02

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SoundID_Reference_KeyGen.exe
Size

908KB
MD5

b5ed1b54bd1524d06079bb58cff47630
SHA1

74767688ea2d06b3ea16d62fe19a09cdea4be7ed
SHA256

2c848761a6f0a696ea850d8937382e5782c097927ab86419eaff41f1a4b87dbd
SHA512

45d37a1c7666d50e2924b881fc497efa70c76038b486a090e12374e1d53b9fca26651ced4f6f33d055133b3fd7c433b058a42f73163738a5573554d1fc8548bc
SSDEEP

24576:XYkcL5fBSkmeeM4a1x3KyC2LjIBxk1Ckb/RjhKhhmNYz:okALmaNT6yCa03MPb/RjAm6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2104	keygen.exe

Loads dropped DLL 4 IoCs

pid	Process
1668	SoundID_Reference_KeyGen.exe
1668	SoundID_Reference_KeyGen.exe
2104	keygen.exe
2104	keygen.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2104	1668	SoundID_Reference_KeyGen.exe	28
PID 1668 wrote to memory of 2104	1668	SoundID_Reference_KeyGen.exe	28
PID 1668 wrote to memory of 2104	1668	SoundID_Reference_KeyGen.exe	28
PID 1668 wrote to memory of 2104	1668	SoundID_Reference_KeyGen.exe	28

C:\Users\Admin\AppData\Local\Temp\SoundID_Reference_KeyGen.exe
"C:\Users\Admin\AppData\Local\Temp\SoundID_Reference_KeyGen.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Users\Admin\AppData\Local\Temp\keygen.exe
  C:\Users\Admin\AppData\Local\Temp\keygen.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2104

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
C:\Users\Admin\AppData\Local\Temp\R2RSWKG2.dll

Filesize
33KB

MD5
0755d77fed72b371793c9a09caf4d1cd

SHA1
12a784611f3cedab5185f8234cab78248f407554

SHA256
15068bc7feb6331d79efae0904f190b8721e8f7e97235a91e2fdc851885dfc04

SHA512
7481eb1f9624b69a7e319ac698eb1d8636f4e58142b894652ee2f00548f5523c9ae8da2fb48b41f69f64e49305b36bd23e88dacc5396ff3fcc521f9604056fa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
\Users\Admin\AppData\Local\Temp\BASSMOD.dll

Filesize
33KB

MD5
e4ec57e8508c5c4040383ebe6d367928

SHA1
b22bcce36d9fdeae8ab7a7ecc0b01c8176648d06

SHA256
8ad9e47693e292f381da42ddc13724a3063040e51c26f4ca8e1f8e2f1ddd547f

SHA512
77d5cf66caf06e192e668fae2b2594e60a498e8e0ccef5b09b9710721a4cdb0c852d00c446fd32c5b5c85e739de2e73cb1f1f6044879fe7d237341bbb6f27822

Download Submit
\Users\Admin\AppData\Local\Temp\R2RSWKG2.dll

Filesize
33KB

MD5
0755d77fed72b371793c9a09caf4d1cd

SHA1
12a784611f3cedab5185f8234cab78248f407554

SHA256
15068bc7feb6331d79efae0904f190b8721e8f7e97235a91e2fdc851885dfc04

SHA512
7481eb1f9624b69a7e319ac698eb1d8636f4e58142b894652ee2f00548f5523c9ae8da2fb48b41f69f64e49305b36bd23e88dacc5396ff3fcc521f9604056fa6

Download Submit
\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
\Users\Admin\AppData\Local\Temp\keygen.exe

Filesize
696KB

MD5
105fd0a9d72509dacec917d3f98a0d92

SHA1
860f0d425f59c0d37065f0b2b3b747b1454c8427

SHA256
0ef10d0349d5be86cdc1ba8326e278155a6ae4ddb2ef85bdf850702cf1439f45

SHA512
12f838e9e579aaf608912a12e7f6800d695f0db1aa049649c6c2e309e7dba63f9706290c743bb96c33ffa7f849adc7a594b9bcdf0a5fe72ae687a16cc43266e3

Download Submit
memory/2104-11-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2104-16-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/2104-18-0x0000000000240000-0x000000000024B000-memory.dmp

Filesize
44KB

Download
memory/2104-19-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download