a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2023 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe
Size

5.6MB
MD5

5ea6fa5fccb8d776af87f7772d311cef
SHA1

e484af996a0568da696970a61f8718618f59c043
SHA256

a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc
SHA512

7d200f8e8dd5504a8210e6f2413a199a585254aa001000ecc795d5960a0f3b8a68c90159b1afd553fd6e176cc23d741bba1b687bc6b6ecbdf5d0f59ea9f9eb30
SSDEEP

98304:JiRmxZFsM4kxzDcT+GcY437KvDwEHuujlsaSzsC0p43MpQdZ9nc+fsCb+oSBAON6:YRm1syxacY48eda2TMpQdZ9nc+fyhNjG

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
4928	is-8CCBJ.tmp
4416	IsoBuster_1121.exe
3824	IsoBuster_1121.exe

Loads dropped DLL 1 IoCs

pid	Process
4928	is-8CCBJ.tmp

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	51.159.66.125

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 34 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-A208E.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-8KKBR.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-DUPSD.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-BLVB7.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-TG1MB.tmp	is-8CCBJ.tmp
File opened for modification	C:\Program Files (x86)\Smart Projects\IsoBuster\unins000.dat	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-HPF8T.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Plugins\is-CE1JJ.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-LR2A0.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\is-3JPV9.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-CM1C5.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-JKFKE.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-T8K0N.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Plugins\is-J8J40.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\unins000.dat	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-7TGQH.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Online\is-F51HJ.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Plugins\is-702NS.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Plugins\is-2ENNB.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-8JOLJ.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-V992I.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Online\is-STF13.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Help\is-BPRRS.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-099DL.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-ISSVJ.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\is-VPP8F.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-QC3J7.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-2A1C6.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-LDEQO.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-JAF5L.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-552B8.tmp	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-BQGI7.tmp	is-8CCBJ.tmp
File opened for modification	C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe	is-8CCBJ.tmp
File created	C:\Program Files (x86)\Smart Projects\IsoBuster\Lang\is-49KQ0.tmp	is-8CCBJ.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Runs net.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 1408 wrote to memory of 4928	1408	a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe	88
PID 1408 wrote to memory of 4928	1408	a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe	88
PID 1408 wrote to memory of 4928	1408	a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe	88
PID 4928 wrote to memory of 8	4928	is-8CCBJ.tmp	91
PID 4928 wrote to memory of 8	4928	is-8CCBJ.tmp	91
PID 4928 wrote to memory of 8	4928	is-8CCBJ.tmp	91
PID 4928 wrote to memory of 4416	4928	is-8CCBJ.tmp	93
PID 4928 wrote to memory of 4416	4928	is-8CCBJ.tmp	93
PID 4928 wrote to memory of 4416	4928	is-8CCBJ.tmp	93
PID 8 wrote to memory of 2940	8	net.exe	94
PID 8 wrote to memory of 2940	8	net.exe	94
PID 8 wrote to memory of 2940	8	net.exe	94
PID 4928 wrote to memory of 3824	4928	is-8CCBJ.tmp	97
PID 4928 wrote to memory of 3824	4928	is-8CCBJ.tmp	97
PID 4928 wrote to memory of 3824	4928	is-8CCBJ.tmp	97

C:\Users\Admin\AppData\Local\Temp\a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe
"C:\Users\Admin\AppData\Local\Temp\a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1408
- C:\Users\Admin\AppData\Local\Temp\is-7EPC7.tmp\is-8CCBJ.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-7EPC7.tmp\is-8CCBJ.tmp" /SL4 $50118 "C:\Users\Admin\AppData\Local\Temp\a8a62ffac7566fb42a71fdac951df4152903ded130de732c6577b6ca33d431fc.exe" 5597940 141824
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:4928
- - C:\Windows\SysWOW64\net.exe
    "C:\Windows\system32\net.exe" helpmsg 2
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:8
  - - C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 2
      4⤵
      PID:2940
- - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe
    "C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe" -i
    3⤵
    - Executes dropped EXE
    PID:4416
- - C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe
    "C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe" -s
    3⤵
    - Executes dropped EXE
    PID:3824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe

Filesize
4.4MB

MD5
81bf17b6bc712eec07e481349afc3dbc

SHA1
eedecca191d3a6b1f16483714343fe1019d7fc62

SHA256
81baf334067384061f84fb8335cd811aa22984601ad103e3f575f0a5cb9a639b

SHA512
3aa53bfc176d2313e7a02c8f3511e1892adcacf02ee28135e5ae46b1224fdfaef6ddcba8b5f9b340c40c39d22b87d23468401df2c84ac57c57fdeabf2f302171

Download Submit
C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe

Filesize
4.4MB

MD5
81bf17b6bc712eec07e481349afc3dbc

SHA1
eedecca191d3a6b1f16483714343fe1019d7fc62

SHA256
81baf334067384061f84fb8335cd811aa22984601ad103e3f575f0a5cb9a639b

SHA512
3aa53bfc176d2313e7a02c8f3511e1892adcacf02ee28135e5ae46b1224fdfaef6ddcba8b5f9b340c40c39d22b87d23468401df2c84ac57c57fdeabf2f302171

Download Submit
C:\Program Files (x86)\Smart Projects\IsoBuster\IsoBuster_1121.exe

Filesize
4.4MB

MD5
81bf17b6bc712eec07e481349afc3dbc

SHA1
eedecca191d3a6b1f16483714343fe1019d7fc62

SHA256
81baf334067384061f84fb8335cd811aa22984601ad103e3f575f0a5cb9a639b

SHA512
3aa53bfc176d2313e7a02c8f3511e1892adcacf02ee28135e5ae46b1224fdfaef6ddcba8b5f9b340c40c39d22b87d23468401df2c84ac57c57fdeabf2f302171

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7EPC7.tmp\is-8CCBJ.tmp

Filesize
642KB

MD5
e57693101a63b1f934f462bc7a2ef093

SHA1
2748ea8c66b980f14c9ce36c1c3061e690cf3ce7

SHA256
71267ff94c9fc72cbffaeed3bc2f33cef1eeb1887c29c574d7f26595d1a6235f

SHA512
3dcda686a85b19a9c7b4c96d132e90ed43c7df13ce9456beb2b88c278d8068cc3abcbfe25b1607c7b8281d276efb24809730f352927b326254f3208cbdf54a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-7EPC7.tmp\is-8CCBJ.tmp

Filesize
642KB

MD5
e57693101a63b1f934f462bc7a2ef093

SHA1
2748ea8c66b980f14c9ce36c1c3061e690cf3ce7

SHA256
71267ff94c9fc72cbffaeed3bc2f33cef1eeb1887c29c574d7f26595d1a6235f

SHA512
3dcda686a85b19a9c7b4c96d132e90ed43c7df13ce9456beb2b88c278d8068cc3abcbfe25b1607c7b8281d276efb24809730f352927b326254f3208cbdf54a3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-FUHUD.tmp\_iscrypt.dll

Filesize
2KB

MD5
a69559718ab506675e907fe49deb71e9

SHA1
bc8f404ffdb1960b50c12ff9413c893b56f2e36f

SHA256
2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

SHA512
e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

Download Submit
memory/1408-0-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1408-2-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1408-92-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/3824-91-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-99-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-134-0x0000000000AE0000-0x0000000000B84000-memory.dmp

Filesize
656KB

Download
memory/3824-139-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-89-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-127-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-142-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-133-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-94-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-130-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-98-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-135-0x0000000000AE0000-0x0000000000B84000-memory.dmp

Filesize
656KB

Download
memory/3824-102-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-105-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-108-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-111-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-112-0x0000000000AE0000-0x0000000000B84000-memory.dmp

Filesize
656KB

Download
memory/3824-113-0x0000000000AE0000-0x0000000000B84000-memory.dmp

Filesize
656KB

Download
memory/3824-117-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-120-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/3824-121-0x0000000000AE0000-0x0000000000B84000-memory.dmp

Filesize
656KB

Download
memory/3824-124-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/4416-84-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/4416-86-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/4416-87-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/4416-82-0x0000000000400000-0x000000000086F000-memory.dmp

Filesize
4.4MB

Download
memory/4928-95-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/4928-93-0x0000000000400000-0x00000000004CF000-memory.dmp

Filesize
828KB

Download
memory/4928-7-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download