dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

Analysis

max time kernel
244s
max time network
256s
platform
windows10-1703_x64
resource
win10-20231020-en
resource tags

arch:x64arch:x86image:win10-20231020-enlocale:en-usos:windows10-1703-x64system
submitted
26-11-2023 22:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe
Size

5.4MB
MD5

a833ac03e32636fc362245a98a1db5d8
SHA1

b16b486c311b8082c9d6ec9dbcc7c9b417d607fb
SHA256

dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a
SHA512

661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa
SSDEEP

98304:8vcG8JpZVHAa5RjlsDWVynuSonGw6SGYQzIObVAjWeJiuj9133vWhUZR1:8dMXBjp09AR6EQzEfb/fR1

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 5 IoCs

pid	Process
1488	Utsysc.exe
3684	Utsysc.exe
3328	Utsysc.exe
4568	Utsysc.exe
788	Utsysc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3240	schtasks.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe
2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe
1488	Utsysc.exe
1488	Utsysc.exe
3684	Utsysc.exe
3684	Utsysc.exe
3328	Utsysc.exe
3328	Utsysc.exe
4568	Utsysc.exe
4568	Utsysc.exe
788	Utsysc.exe
788	Utsysc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2360 wrote to memory of 1488	2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe	71
PID 2360 wrote to memory of 1488	2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe	71
PID 2360 wrote to memory of 1488	2360	dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe	71
PID 1488 wrote to memory of 3240	1488	Utsysc.exe	72
PID 1488 wrote to memory of 3240	1488	Utsysc.exe	72
PID 1488 wrote to memory of 3240	1488	Utsysc.exe	72

C:\Users\Admin\AppData\Local\Temp\dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe
"C:\Users\Admin\AppData\Local\Temp\dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2360
- C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
  "C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:1488
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN Utsysc.exe /TR "C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:3240

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3684

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3328

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4568

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe
1⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:788

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\b64c58644b\Utsysc.exe

Filesize
5.4MB

MD5
a833ac03e32636fc362245a98a1db5d8

SHA1
b16b486c311b8082c9d6ec9dbcc7c9b417d607fb

SHA256
dbb847ea6b20254f86ce62ec96de831295334adc2328ae9818adc7576acccd6a

SHA512
661a748a94804a6cbf9dadcc66d509e49e121da9c72b35deb816889c2909d6371b20a3c25ce1efba41ba6a07e40b851bb377609690b11c1d4815dc7561e77bfa

Download Submit
memory/788-74-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/788-75-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/788-71-0x0000000001890000-0x0000000001891000-memory.dmp

Filesize
4KB

Download
memory/788-73-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/788-78-0x00000000034D0000-0x00000000034D1000-memory.dmp

Filesize
4KB

Download
memory/788-77-0x00000000034C0000-0x00000000034C1000-memory.dmp

Filesize
4KB

Download
memory/788-79-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/788-82-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/788-76-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/788-72-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/1488-24-0x0000000001700000-0x0000000001701000-memory.dmp

Filesize
4KB

Download
memory/1488-26-0x0000000001720000-0x0000000001721000-memory.dmp

Filesize
4KB

Download
memory/1488-27-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/1488-30-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/1488-19-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/1488-25-0x0000000001710000-0x0000000001711000-memory.dmp

Filesize
4KB

Download
memory/1488-23-0x00000000015E0000-0x00000000015E1000-memory.dmp

Filesize
4KB

Download
memory/1488-22-0x00000000015B0000-0x00000000015B1000-memory.dmp

Filesize
4KB

Download
memory/1488-20-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/1488-21-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/2360-6-0x00000000030E0000-0x00000000030E1000-memory.dmp

Filesize
4KB

Download
memory/2360-0-0x00000000011E0000-0x00000000011E1000-memory.dmp

Filesize
4KB

Download
memory/2360-8-0x0000000000820000-0x000000000114B000-memory.dmp

Filesize
9.2MB

Download
memory/2360-7-0x00000000030F0000-0x00000000030F1000-memory.dmp

Filesize
4KB

Download
memory/2360-5-0x0000000001990000-0x0000000001991000-memory.dmp

Filesize
4KB

Download
memory/2360-3-0x00000000015D0000-0x00000000015D1000-memory.dmp

Filesize
4KB

Download
memory/2360-4-0x00000000016F0000-0x00000000016F1000-memory.dmp

Filesize
4KB

Download
memory/2360-2-0x00000000011F0000-0x00000000011F1000-memory.dmp

Filesize
4KB

Download
memory/2360-1-0x0000000000820000-0x000000000114B000-memory.dmp

Filesize
9.2MB

Download
memory/2360-18-0x0000000000820000-0x000000000114B000-memory.dmp

Filesize
9.2MB

Download
memory/3328-46-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/3328-48-0x0000000001480000-0x0000000001481000-memory.dmp

Filesize
4KB

Download
memory/3328-49-0x0000000001490000-0x0000000001491000-memory.dmp

Filesize
4KB

Download
memory/3328-50-0x00000000014A0000-0x00000000014A1000-memory.dmp

Filesize
4KB

Download
memory/3328-51-0x00000000014B0000-0x00000000014B1000-memory.dmp

Filesize
4KB

Download
memory/3328-52-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/3328-53-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/3328-56-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/3328-47-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/3328-45-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/3684-39-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/3684-43-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/3684-32-0x0000000000460000-0x0000000000461000-memory.dmp

Filesize
4KB

Download
memory/3684-33-0x0000000000470000-0x0000000000471000-memory.dmp

Filesize
4KB

Download
memory/3684-34-0x0000000000480000-0x0000000000481000-memory.dmp

Filesize
4KB

Download
memory/3684-35-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/3684-36-0x0000000000B10000-0x0000000000B11000-memory.dmp

Filesize
4KB

Download
memory/3684-37-0x0000000000B20000-0x0000000000B21000-memory.dmp

Filesize
4KB

Download
memory/3684-38-0x0000000002CB0000-0x0000000002CB1000-memory.dmp

Filesize
4KB

Download
memory/3684-40-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/4568-65-0x0000000000B00000-0x0000000000B01000-memory.dmp

Filesize
4KB

Download
memory/4568-58-0x0000000000A80000-0x0000000000A81000-memory.dmp

Filesize
4KB

Download
memory/4568-59-0x0000000000A90000-0x0000000000A91000-memory.dmp

Filesize
4KB

Download
memory/4568-69-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/4568-64-0x0000000000AF0000-0x0000000000AF1000-memory.dmp

Filesize
4KB

Download
memory/4568-66-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download
memory/4568-60-0x0000000000AA0000-0x0000000000AA1000-memory.dmp

Filesize
4KB

Download
memory/4568-63-0x0000000000AE0000-0x0000000000AE1000-memory.dmp

Filesize
4KB

Download
memory/4568-62-0x0000000000AD0000-0x0000000000AD1000-memory.dmp

Filesize
4KB

Download
memory/4568-61-0x0000000000B30000-0x000000000145B000-memory.dmp

Filesize
9.2MB

Download