Overview

overview

7

Static

static

3

PrimoCache....0.exe

windows7-x64

7

PrimoCache....0.exe

windows10-2004-x64

7

reg/CmdColor.exe

windows7-x64

1

reg/CmdColor.exe

windows10-2004-x64

1

reg/drv.ba...cv.sys

windows10-2004-x64

1

reg/drv.ba...cv.sys

windows10-2004-x64

1

reg/drv10/rxfcv.sys

windows10-2004-x64

1

reg/drv7/rxfcv.sys

windows10-2004-x64

1

reg/install.bat

windows7-x64

1

reg/install.bat

windows10-2004-x64

1

沃下载-...om.url

windows7-x64

1

沃下载-...om.url

windows10-2004-x64

1

Analysis

  • max time kernel
    172s
  • max time network
    160s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231025-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/11/2023, 06:52

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PrimoCache_Srv_Setup_4.3.0.exe

  • Size

    7.0MB

  • MD5

    6eef34fcb55dd0b46686bb4ff4b9af2a

  • SHA1

    b1e36aa97e0e7961a22c36074043776831700ac9

  • SHA256

    72272ad5a44142416f124e206a689c7d92b7fa1cdc6efb2e3388343e75d2a0b2

  • SHA512

    172c2c9abf4528efb0d06d3a4ad304eca4d555cbb171b5847d3ceccba7777964aa9ba4daed05e55b2dffe360a932885c790f3e9586b0049696652ef07fbbdf17

  • SSDEEP

    196608:dxV2Vn+IH0xBSz/i0zaxByF8+IGVC3WnOxdXQ8sXdZ:dxV2Vn+IH0x4zasa5eC3ucC8sT

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\PrimoCache_Srv_Setup_4.3.0.exe
    "C:\Users\Admin\AppData\Local\Temp\PrimoCache_Srv_Setup_4.3.0.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4764
    • C:\Users\Admin\AppData\Local\Temp\is-VG1EQ.tmp\PrimoCache_Srv_Setup_4.3.0.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-VG1EQ.tmp\PrimoCache_Srv_Setup_4.3.0.tmp" /SL5="$10004E,6755664,417280,C:\Users\Admin\AppData\Local\Temp\PrimoCache_Srv_Setup_4.3.0.exe"
      2⤵
      • Executes dropped EXE
      PID:3936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-VG1EQ.tmp\PrimoCache_Srv_Setup_4.3.0.tmp
    Filesize

    1.4MB

    MD5

    12cce569ff0f4c682ee3308acfe4d818

    SHA1

    5f9dfc178e4c85fc438381b0ad456ba08b818798

    SHA256

    9ab962babf1dc1379a289441d1bf8ab2732d4e01e24a74213c4e77b34ac92587

    SHA512

    e4c3fd712234e085fe3c29e1a7b27bc51351b24b0e6188a88876404b8765f23acfe9a7347468f32f6a417663e1e2ede232abc1fe5d87b2585bd9df1e2c57d7fe

    Download Submit

  • memory/3936-5-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3936-8-0x0000000000400000-0x0000000000576000-memory.dmp

    Filesize

    1.5MB

    Download

  • memory/3936-11-0x0000000002330000-0x0000000002331000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4764-0-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download

  • memory/4764-7-0x0000000000400000-0x0000000000470000-memory.dmp

    Filesize

    448KB

    Download