Analysis

  • max time kernel: 117s
  • max time network: 121s
  • platform: windows7_x64
  • resource: win7-20231215-en
  • resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
  • submitted: 22/12/2023, 00:07

General

  • Target: 30a9b1c51b6ce3cd0a3f21a86d5a943b.exe
  • Size: 5.5MB
  • MD5: 30a9b1c51b6ce3cd0a3f21a86d5a943b
  • SHA1: 51225885759708c9aaa0c549bccc4f0df4b91989
  • SHA256: 493d0ba19f480e39541089c0ddbed0825c61d3cf9bf5824a56cda5646e8c8c9a
  • SHA512: 7d336ea84a0fe02efb5e6cd1287a409eeaef44359563bc43c49703493db91cade7dda40fcc53bcc0cfaf97a6d8d98e121f0019b41b53d8323f2e39387437a3aa
  • SSDEEP: 98304:cCCjzRY0cyKXwmUC1dH2dnqEqjhfv2bOfPhFf0McQn3lI0ZE:cCVdyKRUCXWdqEqFfvv/0MX1Z

Score
7/10

Malware Config

Signatures

  • VMProtect packed file (3 IoCs)
    Detects executables packed with the VMProtect commercial packer.
  • Modifies system certificate store (2 TTPs, 6 IoCs)
  • Suspicious behavior: EnumeratesProcesses (1 IoC)
  • Suspicious use of WriteProcessMemory (6 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\30a9b1c51b6ce3cd0a3f21a86d5a943b.exe
    "C:\Users\Admin\AppData\Local\Temp\30a9b1c51b6ce3cd0a3f21a86d5a943b.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2212
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c Color B
      2⤵
      PID:1112
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c cls
      2⤵
      PID:2624

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
    Filesize: 344B
    MD5: 574cf61f7c04020135423ca187bf3989
    SHA1: a757fa05953a17d05f58e6bb808f5ab1a8aeffd1
    SHA256: be329fc79f1d829ed0bff2b4b90b4a39e8d3b8ea9808227c2ff0ec7fffde3e02
    SHA512: 5f504159979ffe9ee0ad2bd1aed200ad9e300c1a257aab4ef0cb2736d51fe95329d4cc25f449ac25e8b6f058b9fe8093d5d035db1e0619ea8e50bb4f7e91a61d

  • C:\Users\Admin\AppData\Local\Temp\CabADAF.tmp
    Filesize: 65KB
    MD5: ac05d27423a85adc1622c714f2cb6184
    SHA1: b0fe2b1abddb97837ea0195be70ab2ff14d43198
    SHA256: c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
    SHA512: 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\TarAE6D.tmp
    Filesize: 171KB
    MD5: 9c0c641c06238516f27941aa1166d427
    SHA1: 64cd549fb8cf014fcd9312aa7a5b023847b6c977
    SHA256: 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f
    SHA512: 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

  • memory/2212-0-0x00000000778F0000-0x00000000778F2000-memory.dmp
    Filesize: 8KB

  • memory/2212-2-0x00000000778F0000-0x00000000778F2000-memory.dmp
    Filesize: 8KB

  • memory/2212-3-0x000000013FFD0000-0x0000000140998000-memory.dmp
    Filesize: 9.8MB

  • memory/2212-5-0x00000000778F0000-0x00000000778F2000-memory.dmp
    Filesize: 8KB

  • memory/2212-7-0x0000000077740000-0x00000000778E9000-memory.dmp
    Filesize: 1.7MB

  • memory/2212-6-0x000000013FFD0000-0x0000000140998000-memory.dmp
    Filesize: 9.8MB

  • memory/2212-72-0x000000013FFD0000-0x0000000140998000-memory.dmp
    Filesize: 9.8MB

  • memory/2212-73-0x0000000077740000-0x00000000778E9000-memory.dmp
    Filesize: 1.7MB