Analysis
- max time kernel: 120s
- max time network: 121s
- platform: windows7_x64
- resource: win7-20231215-en
- resource tags: arch:x64, arch:x86, image:win7-20231215-en, locale:en-us, os:windows7-x64, system
- submitted: 25/12/2023, 05:22
Behavioral task: behavioral1
- Sample: 07a55baff3f0989cff1932de7c2187ed.exe
- Resource: win7-20231215-en

Behavioral task: behavioral2
- Sample: 07a55baff3f0989cff1932de7c2187ed.exe
- Resource: win10v2004-20231215-en
General
- Target: 07a55baff3f0989cff1932de7c2187ed.exe
- Size: 186KB
- MD5: 07a55baff3f0989cff1932de7c2187ed
- SHA1: cc30f57cbd65b98734158f9734d092fb4f65d801
- SHA256: 24a5dfdd46040c38afdd85c6ecb248abdce920b48d423f0b803ee5e30d284375
- SHA512: b7b0ef41f0a1fb2c880c6beff907d9980aeee0b14c4ec71d920497f709fe7778ca95e54d1a8c8f9cae392ece1bb39ccce8fb3040ea9858afc2e6380b8c556018
- SSDEEP: 3072:DXsEMh4Qi7+x8a4f58GgyQl3RGzD6uiushKnsQjY4PwUsOUIgESo6OJ4:DXsEHQiI8acMlAsuY0OUhzSoY
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  pid   Process
  896   ins2312.exe

- Loads dropped DLL (4 IoCs)
  pid   Process
  2304  07a55baff3f0989cff1932de7c2187ed.exe
  2304  07a55baff3f0989cff1932de7c2187ed.exe
  2304  07a55baff3f0989cff1932de7c2187ed.exe
  2304  07a55baff3f0989cff1932de7c2187ed.exe

- resource                                                                        yara_rule
  behavioral1/memory/2304-0-0x0000000000960000-0x00000000009D9000-memory.dmp     upx
  behavioral1/memory/896-20-0x00000000002A0000-0x00000000002E0000-memory.dmp     upx
  behavioral1/memory/2304-21-0x0000000000960000-0x00000000009D9000-memory.dmp    upx
  behavioral1/memory/2304-26-0x0000000000960000-0x00000000009D9000-memory.dmp    upx

- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).

- Suspicious behavior: EnumeratesProcesses (1 IoCs)
  pid   Process
  896   ins2312.exe

- Suspicious use of AdjustPrivilegeToken (1 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  896   ins2312.exe

- Suspicious use of SetWindowsHookEx (2 IoCs)
  pid   Process
  896   ins2312.exe
  896   ins2312.exe

- Suspicious use of WriteProcessMemory (7 IoCs)
  description                      pid   Process                                procid_target
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
  PID 2304 wrote to memory of 896  2304  07a55baff3f0989cff1932de7c2187ed.exe  15
Processes
- C:\Users\Admin\AppData\Local\Temp\07a55baff3f0989cff1932de7c2187ed.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\07a55baff3f0989cff1932de7c2187ed.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2304

  - C:\Users\Admin\AppData\Local\Temp\n2312\ins2312.exe (child of PID 2304)
    Command line: "C:\Users\Admin\AppData\Local\Temp\n2312\ins2312.exe" ins.exe /t102c65da4b9349e0615e908f6c7c28 /e12028019 /u17e89388-634a-11e3-b23b-80c16e6f498c
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID: 896
Network
MITRE ATT&CK Enterprise v15
Downloads
- Filesize: 62KB
  MD5: 133c534f534099fbeb6d9508014388d1
  SHA1: 4ba9794f3b8b00c9b48fbf841e912c19f0402f01
  SHA256: 83e2b9ce6b95f20ed5cce74aa6df646a52725d1dde00e980cd259b048c9e120e
  SHA512: 83c2caebf67113b68e5bf50c054c3fb89ef945c961e0545772ca2579dc482ba65a4751dc627c93fc344b27e50d28e13ec4229e95272b490199a25a733045dd40

- Filesize: 67KB
  MD5: 5ef34072035f29418e5000f58b134eba
  SHA1: 1536da614f66965ae7fd32ff92a61d55b5da9799
  SHA256: 397b4d7d8232b56217f21e2d6ee4719ae3c6461be0e9022fecd239a1028dcb41
  SHA512: ff8d80f691ac394109a01c8839369a689521f2e6b5f3619803f4d7379bd381ab6cc1ff22d0f32582fc538d45c95d86120921f085083fe59f5ff9803c082b11dd

- Filesize: 136KB
  MD5: 892ed108f00e85e09a7eabd74c50f0fb
  SHA1: ed412572426a6e82c6c1d5580e067b93425f246e
  SHA256: 7cd4196b4e5e038dd013474c6b31bbb001476021fa282c8d58390e71f993577d
  SHA512: 619acd23d0c991617b4614b36f6d6d2f83f1d60247ea7f4dbf284d50f03de219dbde19fcf699238a5c22db1ca7ecbc41b0e4f74d2cccc9f0094e504e74f9ad92

- Filesize: 47KB
  MD5: 1b5b3cc011fc4ac151bb98e881191282
  SHA1: 8d45401b062b76cd518742d762dabbfb6ff5373d
  SHA256: 365b7e0569bcf8dd714aea70da4ec81f2bc71b31b06bd38cfeaf282121641f6f
  SHA512: f60c98045a9148457990ddb3f3a21d794236608b734457b7a35f65a9b08a3821baaae1511928a6c2499ee1923a53ba3db88d3bb558928e222530545b35e9d0be

- Filesize: 61KB
  MD5: 56dc6ba5ef05ec25239747026cd54f0f
  SHA1: ec1ca4f04b4424836c372e7823b5493838208fbd
  SHA256: 18d36f934d2cdf4eac7fe913a221d63f217c31609f0a49bdfa8c810fb3d27ed2
  SHA512: 03e6ed413d5e804016e56679248077e0069832d19f90e4531e4e8335a3fa64af60ec425d08f141c3d8b0048c2c3de9bc6d69eff75593ee00bc996c421418be32

- Filesize: 52KB
  MD5: 0f8d8c88d49dfdea376903e838cd5963
  SHA1: a33195c49f5dfd6322cf5dd93b68a09145266d23
  SHA256: 46ab7d1f5c5e1d99e758eeadbe4ffe66d9e0b24c081bbe3d82d1bdcfb8819563
  SHA512: 86cccf28e195020ffbfe14f36ea1e0061c62809f4a336bc4f80c234fbddab94b9a8d76da35316546a97773a8513e22ba29f5b7314b17fa4f1da380c1782243f2

- Filesize: 173KB
  MD5: 5c674c333ec4a5f37a594b8443b06687
  SHA1: 85a0f6fc00d7e22270e5f6bb9e7e8b002c74e0c6
  SHA256: 7c75261fd0099cb8dae538c7729d4a818cfa673e64e29b27ee10b5d3bc51e9d1
  SHA512: 8d4ffc32ce7ff42a5da8e882502ca6a43290ae84ef3ec01be481b375d59a1424273f668c18821b820b77fbf94743c3cdb8bddd5720186f7d3718f51494729024