3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737

General

Target

3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe
Size

135.5MB
MD5

a29499e8be6b7dea813f205e32eb50fb
SHA1

399f0825c64f8b952028bbf9d979d72201d8558b
SHA256

3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737
SHA512

37ba7e993b84a0f599b53736f30e82b0c715d6785c68b5f6afd9a1de86f67e0ff9d169646614ad0b1cd2c6605abc9f307d1bdeabeb3f6b5d4998b1e55ceb7ad2
SSDEEP

1572864:VmS69jSgB4/OS0ezBbURMPzOebc8vVIMm8V3K8rD0:wS69jSgBWzOeRz0

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion	3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe

C:\Users\Admin\AppData\Local\Temp\3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe
"C:\Users\Admin\AppData\Local\Temp\3c5a1cabe5af02c496c2ca81a873276b7b08013c2612b9823d0556c0845c7737.exe"
1⤵
- Enumerates system info in registry
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Web Service

1

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar34CB.tmp

Filesize
6KB

MD5
bd42d590d1723c05c044677792976391

SHA1
02c280a208be28b7f102d28edd1918b323f5e9b4

SHA256
47e565abc6cf7e6dba36c457d204f63041d0193e9ca61f29bb089217f0094f0d

SHA512
d046ede47bd749e43e1c6f123c5ffab646127c19f1eba5a7e04c97a27429f3ab53fbfd0471c298b57cbad22c882cb54336943eca4afeb0093adcbad293687892

Download Submit
C:\Users\Admin\AppData\Local\Temp\pocket_updater_settings.json

Filesize
623B

MD5
8e16c1045f8ff1110fe90580178afde4

SHA1
efc9131b2f53c0df0f32611a71a8d5e20f2143ad

SHA256
d09820037f96a1cd67b27cb4d150bb246b20fd7cc79983ebd673e6528d9e62cf

SHA512
a39229fb41928daf644842c8b27c0f9565d28668fa3e2d8f48d9d2939268a9315d37bc183357611cb9a7034404952caa7f46eed8531fac58b72da56d3a33b61f

Download Submit
memory/1712-60-0x00000000066D0000-0x0000000006775000-memory.dmp

Filesize
660KB

Download
memory/1712-59-0x0000000002AB0000-0x0000000002AB6000-memory.dmp

Filesize
24KB

Download
memory/1712-52-0x0000000007210000-0x00000000072F9000-memory.dmp

Filesize
932KB

Download
memory/1712-63-0x00000000066D0000-0x0000000006775000-memory.dmp

Filesize
660KB

Download
memory/1712-40-0x0000000002A00000-0x0000000002A3A000-memory.dmp

Filesize
232KB

Download
memory/1712-64-0x0000000005CB0000-0x0000000005CB5000-memory.dmp

Filesize
20KB

Download
memory/1712-0-0x0000000006880000-0x0000000007209000-memory.dmp

Filesize
9.5MB

Download
memory/1712-39-0x00000000029E0000-0x00000000029FD000-memory.dmp

Filesize
116KB

Download
memory/1712-56-0x0000000002AB0000-0x0000000002AB6000-memory.dmp

Filesize
24KB

Download
memory/1712-36-0x00000000029E0000-0x00000000029FD000-memory.dmp

Filesize
116KB

Download
memory/1712-51-0x0000000002AA0000-0x0000000002AA9000-memory.dmp

Filesize
36KB

Download
memory/1712-48-0x0000000002AA0000-0x0000000002AA9000-memory.dmp

Filesize
36KB

Download
memory/1712-47-0x00000000029B0000-0x00000000029D4000-memory.dmp

Filesize
144KB

Download
memory/1712-44-0x00000000029B0000-0x00000000029D4000-memory.dmp

Filesize
144KB

Download
memory/1712-43-0x0000000002A00000-0x0000000002A3A000-memory.dmp

Filesize
232KB

Download
memory/1712-4-0x0000000007E00000-0x00000000089E9000-memory.dmp

Filesize
11.9MB

Download
memory/1712-67-0x0000000005CB0000-0x0000000005CB5000-memory.dmp

Filesize
20KB

Download
memory/1712-32-0x0000000000C60000-0x0000000000C72000-memory.dmp

Filesize
72KB

Download
memory/1712-55-0x0000000007210000-0x00000000072F9000-memory.dmp

Filesize
932KB

Download
memory/1712-29-0x0000000000C60000-0x0000000000C72000-memory.dmp

Filesize
72KB

Download
memory/1712-28-0x0000000000C20000-0x0000000000C35000-memory.dmp

Filesize
84KB

Download
memory/1712-25-0x0000000000C20000-0x0000000000C35000-memory.dmp

Filesize
84KB

Download
memory/1712-24-0x0000000000B70000-0x0000000000B8F000-memory.dmp

Filesize
124KB

Download
memory/1712-21-0x0000000000B70000-0x0000000000B8F000-memory.dmp

Filesize
124KB

Download
memory/1712-20-0x0000000000BF0000-0x0000000000BFC000-memory.dmp

Filesize
48KB

Download
memory/1712-17-0x0000000000BF0000-0x0000000000BFC000-memory.dmp

Filesize
48KB

Download
memory/1712-16-0x0000000006290000-0x0000000006344000-memory.dmp

Filesize
720KB

Download
memory/1712-13-0x0000000006290000-0x0000000006344000-memory.dmp

Filesize
720KB

Download
memory/1712-12-0x0000000000BD0000-0x0000000000BE1000-memory.dmp

Filesize
68KB

Download
memory/1712-9-0x0000000000BD0000-0x0000000000BE1000-memory.dmp

Filesize
68KB

Download
memory/1712-8-0x0000000007E00000-0x00000000089E9000-memory.dmp

Filesize
11.9MB

Download
memory/1712-5-0x0000000000C80000-0x00000000014CF000-memory.dmp

Filesize
8.3MB

Download
memory/1712-3-0x0000000006880000-0x0000000007209000-memory.dmp

Filesize
9.5MB

Download
memory/1712-265-0x0000000000C80000-0x00000000014CF000-memory.dmp

Filesize
8.3MB

Download

Analysis

Sharing