Overview

overview

7

Static

static

3

tuc7.exe

windows7-x64

7

tuc7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    144s
  • max time network
    142s
  • platform
    windows7_x64
  • resource
    win7-20231130-en
  • resource tags

    arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
  • submitted
    10/12/2023, 20:31

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    tuc7.exe

  • Size

    6.9MB

  • MD5

    c6929fd4bbf5c4ebf91a0d26a50aea7a

  • SHA1

    342d8880e590afe4d4818c0c341f035ac6b01c4b

  • SHA256

    2b2bd5a6642340b1511e2c37d4eba8e2bdcbe72db692a2e5c58f09eb40b158f4

  • SHA512

    f56a251487aec385eaf7f0c8fbc50f26c7714b45c6afef46bf4d7f06157ec8ecde8208cdea46f3480706eede053fbf7dc9bf19520b0cdbd9efe3ced53b3d55a9

  • SSDEEP

    196608:2A89BmaeXRdyXFnlUrU7o7Bz3HzNNn1jnNnTfMImG0zj:GBmakyVnlUQ7Wz3Tv1jNTh0zj

Score
7/10
discovery

Malware Config

Signatures

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 6 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 63 IoCs
  • Runs net.exe
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\is-NSSNC.tmp\tuc7.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-NSSNC.tmp\tuc7.tmp" /SL5="$40026,6977575,54272,C:\Users\Admin\AppData\Local\Temp\tuc7.exe"
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:3004
    • C:\Windows\SysWOW64\schtasks.exe
      "C:\Windows\system32\schtasks.exe" /Query
      2⤵
        PID:1984
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -i
        2⤵
        • Executes dropped EXE
        PID:1992
      • C:\Program Files (x86)\CRTGame\crtgame.exe
        "C:\Program Files (x86)\CRTGame\crtgame.exe" -s
        2⤵
        • Executes dropped EXE
        PID:2956
      • C:\Windows\SysWOW64\net.exe
        "C:\Windows\system32\net.exe" helpmsg 10
        2⤵
        • Suspicious use of WriteProcessMemory
        PID:2848
    • C:\Users\Admin\AppData\Local\Temp\tuc7.exe
      "C:\Users\Admin\AppData\Local\Temp\tuc7.exe"
      1⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:2872
    • C:\Windows\SysWOW64\net1.exe
      C:\Windows\system32\net1 helpmsg 10
      1⤵
        PID:1736

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              128KB

              MD5

              bc83d1fbe01ad49c45ebabccbaa0d1a8

              SHA1

              2f12c123b3da3160ff2ee63129f4822f0397ae16

              SHA256

              6b7bd4885e7860c38ef1d3ded421287d975fd383d743ff4b4cbf022386fc68c5

              SHA512

              4de6268efb9ff509d45b5915438df195533f832f6ee96efe13ce5195aea73d42a403ba2342cd93bf6b1d1c7c01fd283463d23c734db1891e81ad34a0e939766a

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              225KB

              MD5

              beeb6ec080378e21de77afda6eddac41

              SHA1

              5435ad754d3940b79ada0e6d294abfca8cc42fb7

              SHA256

              243ef22909ee4bf35bdc592892086aeb5f0065e7910ba880fec93d111192909f

              SHA512

              cf96005ec07bbbabc3162c28ac99a749b2cbdeb23f75cdd8c91af2dbc36775887a1a71bb56b2b6a1b60db58ce3a5d9597994c78f26a4bf53d074656f57773305

              Download Submit

            • C:\Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              208KB

              MD5

              131fde7f56e0e0274c60fb9623b5b852

              SHA1

              2df163896f4047b37c32b4d13b307a2bdefe6f26

              SHA256

              00b66fba34932e6745830a2f8e372d38e8047bdfa6f068364c7f34570e6d7844

              SHA512

              c3cfa329dbc1e67bb93785e7d6ba92dd6545d12edb9c8b4884c088fd207e375f16bf12cfc4ef0d24842f3f4b23a04e910d651769a1ae6a581283f6e8b73141c8

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-NSSNC.tmp\tuc7.tmp
              Filesize

              224KB

              MD5

              6317dd448df81dc2f4c2adfba8877788

              SHA1

              68a5fcce4faa4389cd41f11a909b66c620777376

              SHA256

              b66aa0223ff5874218c5733ec11395c471ecd1ac48eef3d8ab47f5d3d6117d0e

              SHA512

              adcf1b7e5441f34d6d5dc951be47208230992b8fe1aed94f17fc9bc4a32bfc4e4cabab716b971b96e5e8fc6a1c94a11d413d058085e7e49aeb8b5d16bd3e6427

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\is-NSSNC.tmp\tuc7.tmp
              Filesize

              250KB

              MD5

              dfaaa2efe17ce1e86167636d364ddc7d

              SHA1

              0f8a0e55aa82858f4e78c2bcb14e00ad0e3a05bf

              SHA256

              d1b29e1e21c4dde63e3dd1d3a26e30c260399cda42c01dc9f7fe80994af41320

              SHA512

              e80cf9272e3cfb607a3025965a5d2a46a0f9470f064f0b0205a12b228a81ecb7212fc1d8afda3273ecd0e093f024f42330245c7c291d59b0ff2a6752289fc196

              Download Submit

            • \Program Files (x86)\CRTGame\crtgame.exe
              Filesize

              118KB

              MD5

              c36d45547e07a910843df663f04be7c0

              SHA1

              8845f3f916136902c399c17947f897370140518a

              SHA256

              24e7321b05ff481e1c83aa81522dab1fa6427eb362372f7571dc1fe0540da3f3

              SHA512

              be18d9c68d77f4a1e59e23c6213b6626b50f6cb8d2eb649f6a284e8a3d4697974d967fc43b3f7e1d5fa9c7270716f7705b362ac86d89c32a599bfa68f6c12c68

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-K94EG.tmp\_isetup\_iscrypt.dll
              Filesize

              2KB

              MD5

              a69559718ab506675e907fe49deb71e9

              SHA1

              bc8f404ffdb1960b50c12ff9413c893b56f2e36f

              SHA256

              2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

              SHA512

              e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-K94EG.tmp\_isetup\_isdecmp.dll
              Filesize

              19KB

              MD5

              3adaa386b671c2df3bae5b39dc093008

              SHA1

              067cf95fbdb922d81db58432c46930f86d23dded

              SHA256

              71cd2f5bc6e13b8349a7c98697c6d2e3fcdeea92699cedd591875bea869fae38

              SHA512

              bbe4187758d1a69f75a8cca6b3184e0c20cf8701b16531b55ed4987497934b3c9ef66ecd5e6b83c7357f69734f1c8301b9f82f0a024bb693b732a2d5760fd303

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-K94EG.tmp\_isetup\_shfoldr.dll
              Filesize

              22KB

              MD5

              92dc6ef532fbb4a5c3201469a5b5eb63

              SHA1

              3e89ff837147c16b4e41c30d6c796374e0b8e62c

              SHA256

              9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

              SHA512

              9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

              Download Submit

            • \Users\Admin\AppData\Local\Temp\is-NSSNC.tmp\tuc7.tmp
              Filesize

              334KB

              MD5

              0a526609bdfd250cab5f57a5948a99bc

              SHA1

              b3f4f9a7dc0146e7be20c27f19dc0577eeff83d9

              SHA256

              cdf83f6afe30a566473f60abc828a9f51ee6394f84096fcd3c09aa25426a56ad

              SHA512

              f59b353937f226c291045d87e8de622b6332bc69fde7a90dc7ffdc189ca8903a7fc7665afd30c13bd80080088afe775f3d74db72a7de9d023a9c2052a3b11a11

              Download Submit

            • memory/1992-153-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1992-154-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1992-157-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/1992-158-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2872-163-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2872-0-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2872-2-0x0000000000400000-0x0000000000414000-memory.dmp

              Filesize

              80KB

              Download

            • memory/2956-186-0x0000000002A20000-0x0000000002AC2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2956-192-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-162-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-212-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-208-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-165-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-205-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-169-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-170-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-173-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-176-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-179-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-182-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-202-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-183-0x0000000002A20000-0x0000000002AC2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2956-189-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-160-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-193-0x0000000002A20000-0x0000000002AC2000-memory.dmp

              Filesize

              648KB

              Download

            • memory/2956-196-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/2956-199-0x0000000000400000-0x000000000061E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3004-15-0x00000000001D0000-0x00000000001D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3004-166-0x00000000001D0000-0x00000000001D1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/3004-152-0x0000000003750000-0x000000000396E000-memory.dmp

              Filesize

              2.1MB

              Download

            • memory/3004-164-0x0000000000400000-0x00000000004BC000-memory.dmp

              Filesize

              752KB

              Download