Overview

overview

10

Static

static

8

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...us.exe

windows7-x64

10

Campus\Exe...us.exe

windows10-2004-x64

10

Campus\Exe...us.pdf

windows7-x64

1

Campus\Exe...us.pdf

windows10-2004-x64

1

Campus\Exe...AJ.exe

windows7-x64

10

Campus\Exe...AJ.exe

windows10-2004-x64

10

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...US.exe

windows7-x64

7

Campus\Exe...US.exe

windows10-2004-x64

7

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...ur.xls

windows7-x64

1

Campus\Exe...ur.xls

windows10-2004-x64

1

Campus\Exe...yn.xls

windows7-x64

1

Campus\Exe...yn.xls

windows10-2004-x64

1

Campus\Exe...s.xlsx

windows7-x64

1

Campus\Exe...s.xlsx

windows10-2004-x64

1

Campus\Exe...ge.xls

windows7-x64

1

Campus\Exe...ge.xls

windows10-2004-x64

1

Campus\Exe...rs.xls

windows7-x64

1

Campus\Exe...rs.xls

windows10-2004-x64

1

Campus\Exe...e.xlsx

windows7-x64

1

Campus\Exe...e.xlsx

windows10-2004-x64

1

Campus\Exe...us.doc

windows7-x64

4

Campus\Exe...us.doc

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    180s
  • platform
    windows7_x64
  • resource
    win7-20231020-en
  • resource tags

    arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
  • submitted
    07-11-2023 14:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Campus\Exe\GestCampus_MAJ.exe

  • Size

    157KB

  • MD5

    8eb717b36caaa28f56f1a90220f0d007

  • SHA1

    8c6399ba74d9cff143ce8d66037a7b5bc8b7d917

  • SHA256

    c655c83d1ecdf53d05f19717e6eb943c132241ee1cc542fba4e68a8db5de399c

  • SHA512

    8ea0d6e8ec3b713d4a5967899a899c18858cda67f1b2de2b8ad5e8f62eeff66054075334725d4b1aca78e1629246b738811582bd2d86985ee3358e3943d6d265

  • SSDEEP

    3072:Lt8IM0yDla/URk68GzbH9bEKrkGpoBnkQyVwf9OFw/se1IZOumaTo/nTqLZDsSft:L3rBwXzbdbhVps/yiO+qZ4uCT4lDfX

Score
10/10
upx

Malware Config

Extracted

Credentials

  • Protocol:     ftp
  • Host:
    framework.pcsoft.fr
  • Port:
    21
  • Username:
    framework
  • Password:
    framework

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus_MAJ.exe
    "C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus_MAJ.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2976
    • C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus.exe
      "C:\Users\Admin\AppData\Local\Temp\Campus\Exe\GestCampus.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:2860
      • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
        "C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe" /REP="C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\" /SILENT
        3⤵
        • Executes dropped EXE
        • Drops file in Program Files directory
        PID:2664

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150HF.DLL
    Filesize

    2.6MB

    MD5

    3dcd002f7c4cc07db207954721de8c08

    SHA1

    da2b437491bf7f3183c49add76132e305dd91998

    SHA256

    5b309a42caa40d7591c112806084c9b156bfb23b59e7854ca1f9d6ab93d1caeb

    SHA512

    04e41803d7ca266962581c5ecec24f7e5d7efdc770da26d58188fb731858078857f69e3a7f3756d2477b01c42ae417a8fb5d19466a54a1a581051ee146a637ab

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150OBJ.DLL
    Filesize

    3.2MB

    MD5

    5a0b2319464811478e46b9d474559c6b

    SHA1

    31be25dc10e07b51627c842f22ac19bc87302655

    SHA256

    4a3dddc6dfd21381d940fb6e43994af368082f82fb782c06b80d65dc3af34703

    SHA512

    69d5f21832eb22b2292f09fcc49e6b435c9832bf0bc927e36804882445af2051006e0c3cafc7bdd226e49fcb731746bb1790e82bcbdf5269e3ccbc7e84f8427c

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150STD.DLL
    Filesize

    728KB

    MD5

    0f2941d8ba3b515086d7433f333c16e9

    SHA1

    ac423ab8c846a78a215d5dfd0280cf8597ee670c

    SHA256

    9b2042f697a3a62430a26f0e164a95e912afc3a9b7e48f691f16001fdd907732

    SHA512

    5223130d18f329ca590cb67898f339de18bc9858df5cbff089a1b7f5ecdb3fb09301fef1c0e4c0d450750b91a9a4c99f21318edb5abd1a90105c609f37c2309d

    Download Submit

  • C:\Program Files (x86)\Common Files\PC SOFT\15.0\Framework\WD150VM.DLL
    Filesize

    2.3MB

    MD5

    03d44b2f98b3bb738b6fc6dd9e3506bd

    SHA1

    a9a7edebb8f97ea159c24158a0e2c2ea5d030c70

    SHA256

    a79e315d7babb618acc2470a8d074738c088901a894b82e928a351ba9e5d1ca3

    SHA512

    d0a4849d18a43c240799eb1306a69f504744321c5665cac43159a393d229b22055a968ec365d118176bb3eda697e3e9a13012f2a627143acccacb51298557fdf

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150hf.dll
    Filesize

    2.6MB

    MD5

    3dcd002f7c4cc07db207954721de8c08

    SHA1

    da2b437491bf7f3183c49add76132e305dd91998

    SHA256

    5b309a42caa40d7591c112806084c9b156bfb23b59e7854ca1f9d6ab93d1caeb

    SHA512

    04e41803d7ca266962581c5ecec24f7e5d7efdc770da26d58188fb731858078857f69e3a7f3756d2477b01c42ae417a8fb5d19466a54a1a581051ee146a637ab

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150obj.dll
    Filesize

    3.2MB

    MD5

    5a0b2319464811478e46b9d474559c6b

    SHA1

    31be25dc10e07b51627c842f22ac19bc87302655

    SHA256

    4a3dddc6dfd21381d940fb6e43994af368082f82fb782c06b80d65dc3af34703

    SHA512

    69d5f21832eb22b2292f09fcc49e6b435c9832bf0bc927e36804882445af2051006e0c3cafc7bdd226e49fcb731746bb1790e82bcbdf5269e3ccbc7e84f8427c

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150std.dll
    Filesize

    728KB

    MD5

    0f2941d8ba3b515086d7433f333c16e9

    SHA1

    ac423ab8c846a78a215d5dfd0280cf8597ee670c

    SHA256

    9b2042f697a3a62430a26f0e164a95e912afc3a9b7e48f691f16001fdd907732

    SHA512

    5223130d18f329ca590cb67898f339de18bc9858df5cbff089a1b7f5ecdb3fb09301fef1c0e4c0d450750b91a9a4c99f21318edb5abd1a90105c609f37c2309d

    Download Submit

  • \Program Files (x86)\Common Files\PC SOFT\15.0\Framework\wd150vm.dll
    Filesize

    2.3MB

    MD5

    03d44b2f98b3bb738b6fc6dd9e3506bd

    SHA1

    a9a7edebb8f97ea159c24158a0e2c2ea5d030c70

    SHA256

    a79e315d7babb618acc2470a8d074738c088901a894b82e928a351ba9e5d1ca3

    SHA512

    d0a4849d18a43c240799eb1306a69f504744321c5665cac43159a393d229b22055a968ec365d118176bb3eda697e3e9a13012f2a627143acccacb51298557fdf

    Download Submit

  • \Users\Admin\AppData\Local\Temp\InstallFramework.exe
    Filesize

    15.5MB

    MD5

    0727189ee363736e77fdf71d94a7e71e

    SHA1

    e259f9e5467a9d0d72da1f16bcd89eef0c05f3d4

    SHA256

    fc74f1e4cd9c6593799b4834f87869b2d545cd713b8135ad92eeb388467afb42

    SHA512

    a16fd73b90ed32806f7cb7e9aaea81cc2eb0b8742d965803cce2aa441948a31efda781c2ea32bb91702c315419e3d8630a9067d7e2f8a5fca0fba0887d716ab9

    Download Submit

  • memory/2860-5-0x0000000000640000-0x0000000000650000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2860-108-0x0000000003AB0000-0x0000000003AF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2860-109-0x0000000003AB0000-0x0000000003AF0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/2976-0-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2976-3-0x0000000000400000-0x000000000046C000-memory.dmp

    Filesize

    432KB

    Download

  • memory/2976-2-0x00000000030A0000-0x00000000030B0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/2976-1-0x0000000000220000-0x0000000000221000-memory.dmp

    Filesize

    4KB

    Download