Overview

overview

10

Static

static

8

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...us.exe

windows7-x64

10

Campus\Exe...us.exe

windows10-2004-x64

10

Campus\Exe...us.pdf

windows7-x64

1

Campus\Exe...us.pdf

windows10-2004-x64

1

Campus\Exe...AJ.exe

windows7-x64

10

Campus\Exe...AJ.exe

windows10-2004-x64

10

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...US.exe

windows7-x64

7

Campus\Exe...US.exe

windows10-2004-x64

7

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...ur.xls

windows7-x64

1

Campus\Exe...ur.xls

windows10-2004-x64

1

Campus\Exe...yn.xls

windows7-x64

1

Campus\Exe...yn.xls

windows10-2004-x64

1

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...ge.xls

windows7-x64

1

Campus\Exe...ge.xls

windows10-2004-x64

1

Campus\Exe...rs.xls

windows7-x64

1

Campus\Exe...rs.xls

windows10-2004-x64

1

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...us.doc

windows7-x64

4

Campus\Exe...us.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    86s
  • max time network
    126s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Campus\Exe\GestCampus.exe

  • Size

    1.1MB

  • MD5

    87c8fbddd953afefc364b52b3ddf9b00

  • SHA1

    f57235b52dba70329641c57d65f83f8595b3bfc5

  • SHA256

    d539a77d880ab75b57787540f771f83f97d3102230b71f84ed45e79a83a08cf7

  • SHA512

    5715a98e8ed138827e8b4456f7ec37a03dce310a73f605da282a269a57268254e60560a51c92e12dd0b8f3005309e312fa3932ac987a42b0769070e278c01deb

  • SSDEEP

    24576:udFTku72O2xY8hX6Vag8MaOs2GGNh1m2txEdFANwnOID/V15iF:EQu72frXUVaOkGNhLt+i+xbW

Score
10/10

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus.exe
    "C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2720
    • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
      "C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe" /REP="C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\" /SILENT
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      PID:2572

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150HF.DLL
    Filesize

    2.6MB

    MD5

    3dcd002f7c4cc07db207954721de8c08

    SHA1

    da2b437491bf7f3183c49add76132e305dd91998

    SHA256

    5b309a42caa40d7591c112806084c9b156bfb23b59e7854ca1f9d6ab93d1caeb

    SHA512

    04e41803d7ca266962581c5ecec24f7e5d7efdc770da26d58188fb731858078857f69e3a7f3756d2477b01c42ae417a8fb5d19466a54a1a581051ee146a637ab

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150OBJ.DLL
    Filesize

    3.2MB

    MD5

    5a0b2319464811478e46b9d474559c6b

    SHA1

    31be25dc10e07b51627c842f22ac19bc87302655

    SHA256

    4a3dddc6dfd21381d940fb6e43994af368082f82fb782c06b80d65dc3af34703

    SHA512

    69d5f21832eb22b2292f09fcc49e6b435c9832bf0bc927e36804882445af2051006e0c3cafc7bdd226e49fcb731746bb1790e82bcbdf5269e3ccbc7e84f8427c

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150STD.DLL
    Filesize

    728KB

    MD5

    0f2941d8ba3b515086d7433f333c16e9

    SHA1

    ac423ab8c846a78a215d5dfd0280cf8597ee670c

    SHA256

    9b2042f697a3a62430a26f0e164a95e912afc3a9b7e48f691f16001fdd907732

    SHA512

    5223130d18f329ca590cb67898f339de18bc9858df5cbff089a1b7f5ecdb3fb09301fef1c0e4c0d450750b91a9a4c99f21318edb5abd1a90105c609f37c2309d

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150VM.DLL
    Filesize

    2.3MB

    MD5

    03d44b2f98b3bb738b6fc6dd9e3506bd

    SHA1

    a9a7edebb8f97ea159c24158a0e2c2ea5d030c70

    SHA256

    a79e315d7babb618acc2470a8d074738c088901a894b82e928a351ba9e5d1ca3

    SHA512

    d0a4849d18a43c240799eb1306a69f504744321c5665cac43159a393d229b22055a968ec365d118176bb3eda697e3e9a13012f2a627143acccacb51298557fdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150hf.dll
    Filesize

    2.6MB

    MD5

    3dcd002f7c4cc07db207954721de8c08

    SHA1

    da2b437491bf7f3183c49add76132e305dd91998

    SHA256

    5b309a42caa40d7591c112806084c9b156bfb23b59e7854ca1f9d6ab93d1caeb

    SHA512

    04e41803d7ca266962581c5ecec24f7e5d7efdc770da26d58188fb731858078857f69e3a7f3756d2477b01c42ae417a8fb5d19466a54a1a581051ee146a637ab

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150obj.dll
    Filesize

    3.2MB

    MD5

    5a0b2319464811478e46b9d474559c6b

    SHA1

    31be25dc10e07b51627c842f22ac19bc87302655

    SHA256

    4a3dddc6dfd21381d940fb6e43994af368082f82fb782c06b80d65dc3af34703

    SHA512

    69d5f21832eb22b2292f09fcc49e6b435c9832bf0bc927e36804882445af2051006e0c3cafc7bdd226e49fcb731746bb1790e82bcbdf5269e3ccbc7e84f8427c

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150std.dll
    Filesize

    728KB

    MD5

    0f2941d8ba3b515086d7433f333c16e9

    SHA1

    ac423ab8c846a78a215d5dfd0280cf8597ee670c

    SHA256

    9b2042f697a3a62430a26f0e164a95e912afc3a9b7e48f691f16001fdd907732

    SHA512

    5223130d18f329ca590cb67898f339de18bc9858df5cbff089a1b7f5ecdb3fb09301fef1c0e4c0d450750b91a9a4c99f21318edb5abd1a90105c609f37c2309d

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150vm.dll
    Filesize

    2.3MB

    MD5

    03d44b2f98b3bb738b6fc6dd9e3506bd

    SHA1

    a9a7edebb8f97ea159c24158a0e2c2ea5d030c70

    SHA256

    a79e315d7babb618acc2470a8d074738c088901a894b82e928a351ba9e5d1ca3

    SHA512

    d0a4849d18a43c240799eb1306a69f504744321c5665cac43159a393d229b22055a968ec365d118176bb3eda697e3e9a13012f2a627143acccacb51298557fdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • memory/2720-1-0x00000000002F0000-0x0000000000300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2720-105-0x0000000003D00000-0x0000000003D40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2720-2-0x00000000002F0000-0x0000000000300000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2720-109-0x0000000003D00000-0x0000000003D40000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2720-110-0x00000000002F0000-0x0000000000300000-memory.dmp

    Filesize

    64KB

    Download