a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2023 03:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
Size

2.4MB
MD5

30e1293f173645ca049c0425fcfdb33b
SHA1

95b08f02728bb6ed49f347a449c17acccacd52ca
SHA256

a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a
SHA512

5b9c9ea95a6e2e36b0449f7384afd0a71c32d3ea5dc394036a5706af9e0995e91d439777cc46a355542fc476e88509c5d7d11bae767e1d08d371a596b648d521
SSDEEP

49152:a1RTK36PPrVVVwX1kTCusRDAMNMh9M0u2utxW:Kq6PPrVVVwFkSRMqMzM0u2u

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2232	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Loads dropped DLL 2 IoCs

pid	Process
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
2232	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Fonts\uepttf.dll	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
File created	C:\Windows\Fonts\pgsift.dll	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
660	Process not Found

Suspicious behavior: RenamesItself 1 IoCs

pid	Process
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
2232	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
2232	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
2232	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3144 wrote to memory of 2232	3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe	84
PID 3144 wrote to memory of 2232	3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe	84
PID 3144 wrote to memory of 2232	3144	a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe	84

C:\Users\Admin\AppData\Local\Temp\a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
"C:\Users\Admin\AppData\Local\Temp\a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: RenamesItself
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3144
- C:\Users\Admin\AppData\Local\Temp\a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe
  C:\Users\Admin\AppData\Local\Temp\a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe --
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:2232

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\a05ce12b38c7cc6f62bb35c0e1a93160aca35eadc9ddc878fac9dd34ee6a447a.exe

Filesize
2.4MB

MD5
7aca4a61ba9b247fb01041b3dcc8884e

SHA1
6a2570f744a76f413a16404edf6802008cffff16

SHA256
6ddea4262211ca1c5051635ff7908a401641f3b497babdf53a963323a3300a01

SHA512
dd57591204228cec9836ab892f7404306848a636539ef06ff0e4c8b3846a46fe6e1a3330557e870daba9fccba27cca22d6c28db9db50bf3e5a1558af3db09ba4

Download Submit
C:\Windows\Fonts\pgsift.dll

Filesize
1.4MB

MD5
43713472f56ed83073fbe046e05255b4

SHA1
9b654bc3aa5e1c9a03cb7ad70cb0fc39ce224a00

SHA256
43d5fee3b2a5fbebb0ed8c2e134b5ec0d8d488eefe12143d1f244b4129a02d32

SHA512
4df86437fe92afe5aa568f181c143908394dd694e0f92710e9c907cb807732f0a6e87dd85316d8540a038f3935814f775726abc4572b8e855adec2b057dd6adb

Download Submit
C:\Windows\Fonts\pgsift.dll

Filesize
1.4MB

MD5
43713472f56ed83073fbe046e05255b4

SHA1
9b654bc3aa5e1c9a03cb7ad70cb0fc39ce224a00

SHA256
43d5fee3b2a5fbebb0ed8c2e134b5ec0d8d488eefe12143d1f244b4129a02d32

SHA512
4df86437fe92afe5aa568f181c143908394dd694e0f92710e9c907cb807732f0a6e87dd85316d8540a038f3935814f775726abc4572b8e855adec2b057dd6adb

Download Submit
C:\Windows\Fonts\uepttf.dll

Filesize
1.4MB

MD5
43713472f56ed83073fbe046e05255b4

SHA1
9b654bc3aa5e1c9a03cb7ad70cb0fc39ce224a00

SHA256
43d5fee3b2a5fbebb0ed8c2e134b5ec0d8d488eefe12143d1f244b4129a02d32

SHA512
4df86437fe92afe5aa568f181c143908394dd694e0f92710e9c907cb807732f0a6e87dd85316d8540a038f3935814f775726abc4572b8e855adec2b057dd6adb

Download Submit