117ee48c6693cb89622f5ba822e7c751c4d4c2518adf3ee2935fb95a83952f29

Analysis

max time kernel
120s
max time network
131s
platform
windows7_x64
resource
win7-20231020-en
resource tags

arch:x64arch:x86image:win7-20231020-enlocale:en-usos:windows7-x64system
submitted
16/11/2023, 21:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

WebScanInstaller.exe
Size

182KB
MD5

b084e67a76f98a99f2fb83c93a48962d
SHA1

c96d6d3c7b09ffa641ff7da222c2b8aec5f7aa22
SHA256

117ee48c6693cb89622f5ba822e7c751c4d4c2518adf3ee2935fb95a83952f29
SHA512

706aed4c7abe132d52dc33db0a0848bfdb3dd759af4a5b489ed280811e70b3494991b2a365ff43fe76bada5d3044f33c5970a74d1927425ed1fdbd5949978a47
SSDEEP

3072:Dn1/uEAgDPdkBlyFZ+ScjaiKWbETBquAEXlqsW9G29TeOSpXaehd3Y/I8O9qE:D1OgDPdkBAFZWjadD4s8Tkp9T3hDB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2732	InstallAssistant.exe

Loads dropped DLL 6 IoCs

pid	Process
2364	WebScanInstaller.exe
2364	WebScanInstaller.exe
2364	WebScanInstaller.exe
2364	WebScanInstaller.exe
2732	InstallAssistant.exe
2732	InstallAssistant.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2732	InstallAssistant.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2732	InstallAssistant.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27
PID 2364 wrote to memory of 2732	2364	WebScanInstaller.exe	27

C:\Users\Admin\AppData\Local\Temp\WebScanInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\WebScanInstaller.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe
  "C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe" -g ConfirmStrongCryptoTLS1.2,Scanner-DCC,WebScan
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2732

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe.Config

Filesize
337B

MD5
502defcc5459ff001e4ee03ed59ec6ad

SHA1
89f559c95a46dd87d6893e04b40db2cff2ddc25d

SHA256
ba1fa80ccb28cffbac6c34fce05b68360f63dc2c0ad447c941de9f4e3a4df4c0

SHA512
579f62ce7d2fb259a0d3307f129dd7d3fb89a07b1eaaa28e402657e8658130ea8790d26b15004a2e234a6b185a5aee9b4c8add72f8b489542e906bc607f33249

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.ico

Filesize
31KB

MD5
c33f8080a5087e595dc2001d4282fd76

SHA1
df4215f093be9de249a246c95db57a61d009bbb2

SHA256
437c814628d524416a2ba039d0f57de559e6f5db6c5173df9cdbb1dc98013615

SHA512
8a0cd3df919dfb9d24f6261f64a1058b74935cf588bea3bb5ec82587d79633dbce704f279b92dc9a1a4ae9c2c0fde3df94413ccf3490a447e7d3e27985c733ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\Resources\Configuration.en-US.xml

Filesize
7KB

MD5
efc005b189592b9401f780d2d6b0a87a

SHA1
dd8214b8be100e20411f23bfd85af4eb0842794b

SHA256
2d3ccde510bdd5a7e201151ea8a1eb8b2c8bd999d9074979e0b2ad6167bc3e3f

SHA512
bbaa95db8dc2a789b7980279947771341ebf97551829b2978cb3b4bc313dfbdd13cceb788700d448fb1cf0190dddcb44bdf828cc07cf2ea659081f6959cc9c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\Resources\InstallAssistResources.en-US.xml

Filesize
24KB

MD5
30e50cd03a9f07d5e5e9830aebec6f92

SHA1
504c87fa58fc466674863813c35d42d1bc98e32b

SHA256
ece66290c7f88a8184219cba489099248b2b48513f79850352d867898dca1bd0

SHA512
f7840ecf2cc570e22daa4a50ce963218c3f551830abf38528dfaeedbfac49298bfacb003c87addf0cb1b913df46999e777e48dc11ba1da6d75c95fbe38678e2e

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
\Users\Admin\AppData\Local\Temp\7zSAADF.tmp\InstallAssistant.exe

Filesize
70KB

MD5
f725ca5578718e79f41c1438c49d6c0a

SHA1
a8d804d26efdfcae0d12018826887590aa1e7143

SHA256
3a44fbf5a1a9c28c7ee5358c50ac2b781a4b83728b1c83909294050d36fea985

SHA512
1e433618ce3dde8104b50c3ae4b49a9a93a226aff9be0039e40bd686b1c04cc595cf37375d2d027f1c0c08353785366087e1e5395bed6394bd42791353dd699c

Download Submit
memory/2732-27-0x00000000012D0000-0x00000000012E6000-memory.dmp

Filesize
88KB

Download
memory/2732-31-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download
memory/2732-32-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download
memory/2732-33-0x0000000001230000-0x0000000001270000-memory.dmp

Filesize
256KB

Download