Analysis

  • max time kernel
    120s
  • max time network
    122s
  • platform
    windows7_x64
  • resource
    win7-20231129-en
  • resource tags

    arch:x64, arch:x86, image:win7-20231129-en, locale:en-us, os:windows7-x64, system
  • submitted
    25/12/2023, 05:08

General

  • Target

    06db6ad7de70064ba8e809d6e393cd6c.exe

  • Size

    877KB

  • MD5

    06db6ad7de70064ba8e809d6e393cd6c

  • SHA1

    91eaeb9027a2ddd24240c40d33a73cf00855dce5

  • SHA256

    ab9127fc33e433f855b366f6838bbd2ed2d509f8abc94f51786dce6db79f22e9

  • SHA512

    fa733426007aefc0c7686e6c0142fefb15b29e92bfaae38c5d6eedc161958acd32c291ae1f69e58de409589e1144d41af8bb3b4f05b1bf01079ed33c834ba6c0

  • SSDEEP

    24576:MYMLKmtvPyHu71iNpRiby9pNg4W7HMeG3bOAHCwp:niKmHyO0Pwp7s1b

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL (4 IoCs)
  • Checks whether UAC is enabled (1 TTP, 1 IoC)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory (14 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe
    "C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe
      "C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:2936
      • C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe
        "C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe"
        3⤵
        • Loads dropped DLL
        • Checks whether UAC is enabled
        PID:2264

Network

MITRE ATT&CK Enterprise v15

Downloads

        • \Users\Admin\AppData\Local\Temp\N6XeBWu22lgrTuo4MKQ\extramod.dll

          Filesize

          73KB

          MD5

          fb60ba7ef530e0ec3844f0090dbeba80

          SHA1

          81bceda0455fa6733d9ff6023eb7a4add3f45da2

          SHA256

          c9a466b02fcf12a9451581cc34b17711aebb208ef6d59a3a9352c400721f1f12

          SHA512

          bb23caaaca156dc7a4ba46ebe5f0da443b6cbeaefc5beafb55762015c60f35f794e1ae2036fc95f69921401f91a9bf9590dc96415d60204e060de4a6a188b297

        • \Users\Admin\AppData\Local\Temp\N6XeBWu22lgrTuo4MKQ\loading_screen.dll

          Filesize

          5KB

          MD5

          44dac7f87bdf94d553f8d2cf073d605d

          SHA1

          21bf5d714b9fcab32ba40ff7d36e48c378b67a06

          SHA256

          0e7dedad1360a808e7ab1086ff1fffa7b72f09475c07a6991b74a6c6b78ccf66

          SHA512

          92c6bf81d514b3a07e7796843200a78c17969720776b03c0d347aeefedb8f1269f6aac642728a38544836c1f17c594d570718d11368dc91fe5194ee5e83e1774

        • \Users\Admin\AppData\Local\Temp\N6XeBWu22lgrTuo4MKQ\lua51.dll

          Filesize

          391KB

          MD5

          2df0ef7c23b82df9df7ea202f6830a4d

          SHA1

          183557ef8fd6d99b554b00237c5a94802bc5ea72

          SHA256

          b2111fb5cdd97d7a8faf1b155682310597f0e301838eb88f403f533ad6b9b13e

          SHA512

          037cf49d93520211c50bc6abf8d3bbde0da286b505cefabfa05198f8c2b62801c8c1ba21d2f3f18424626cd53908e1faa3ba733a02c86cc461019e72d69d9cd4

        • \Users\Admin\AppData\Local\Temp\N6XeBWu22lgrTuo4MKQ\shared_library.dll

          Filesize

          93KB

          MD5

          c8a54c077e00ee08720437b3e2eda5c5

          SHA1

          ecc6103eea1f4c14d37cdf6d10bfa43beea65de7

          SHA256

          e74d5e5e54e647c0c9b1ab86e171698c4a00ebc6471316202cd336e875d1fa0d

          SHA512

          99a9a426cf29fdd5f377c99e22aa8a58a32ec6d2d823779ff81ff59b87b8c036afb65e268ac422cab78ef20e85c56dd6b5b783e98e6cf7ccaed3b29327edb881

        • memory/2264-5-0x0000000000350000-0x0000000000366000-memory.dmp

          Filesize

          88KB

        • memory/2264-20-0x000000007EF00000-0x000000007EF10000-memory.dmp

          Filesize

          64KB

        • memory/2264-14-0x000000007EF90000-0x000000007EFA0000-memory.dmp

          Filesize

          64KB

        • memory/2264-13-0x000000007EFA0000-0x000000007EFB0000-memory.dmp

          Filesize

          64KB

        • memory/2264-10-0x00000000004E0000-0x0000000000516000-memory.dmp

          Filesize

          216KB
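
The process tree above shows the sample spawning two further copies of itself, with the two parent instances flagged for WriteProcessMemory and the third instance (PID 2264) loading DLLs dropped under a randomly named directory in %TEMP%. The Python sketch below, added here as an example and not part of the sandbox report or of the sample, turns those observations plus the dropped-file hashes from the Downloads list into detection logic run over constructed Sysmon-style events. The field names are a simplified, hypothetical stand-in for Sysmon Event ID 1 (ProcessCreate) and Event ID 7 (ImageLoad); the PIDs, image path, drop directory and DLL hashes mirror the report, while the parent of PID 1244, the benign process (PID 4000) and the placeholder hashes are invented for the demonstration.

```python
"""Detection sketch for the behaviour recorded in this report: a sample that
spawns copies of itself and, in the last instance, loads DLLs dropped under a
random sub-directory of %TEMP%.

The events below are CONSTRUCTED to mirror the report's process tree and
Downloads section; they were not exported from the sandbox. Field names are a
simplified, hypothetical stand-in for Sysmon Event ID 1 (ProcessCreate) and
Event ID 7 (ImageLoad).
"""
import re

SAMPLE = r"C:\Users\Admin\AppData\Local\Temp\06db6ad7de70064ba8e809d6e393cd6c.exe"
DROP_DIR = r"C:\Users\Admin\AppData\Local\Temp\N6XeBWu22lgrTuo4MKQ"

# SHA256 of the dropped DLLs, copied from the report's Downloads section.
DROPPED_DLL_SHA256 = {
    "c9a466b02fcf12a9451581cc34b17711aebb208ef6d59a3a9352c400721f1f12": "extramod.dll",
    "0e7dedad1360a808e7ab1086ff1fffa7b72f09475c07a6991b74a6c6b78ccf66": "loading_screen.dll",
    "b2111fb5cdd97d7a8faf1b155682310597f0e301838eb88f403f533ad6b9b13e": "lua51.dll",
    "e74d5e5e54e647c0c9b1ab86e171698c4a00ebc6471316202cd336e875d1fa0d": "shared_library.dll",
}

# Constructed events. PIDs follow the report; the parent of 1244, the benign
# process 4000 and the placeholder hashes ("0"*64, "1"*64) are invented.
EVENTS = [
    {"id": 1, "pid": 1244, "ppid": 900, "image": SAMPLE, "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 1, "pid": 2936, "ppid": 1244, "image": SAMPLE, "parent_image": SAMPLE},
    {"id": 1, "pid": 2264, "ppid": 2936, "image": SAMPLE, "parent_image": SAMPLE},
    {"id": 1, "pid": 4000, "ppid": 900, "image": r"C:\Program Files\Vendor\app.exe", "parent_image": r"C:\Windows\explorer.exe"},
    {"id": 7, "pid": 2264, "loaded": DROP_DIR + r"\lua51.dll", "sha256": "b2111fb5cdd97d7a8faf1b155682310597f0e301838eb88f403f533ad6b9b13e"},
    {"id": 7, "pid": 2264, "loaded": DROP_DIR + r"\extramod.dll", "sha256": "c9a466b02fcf12a9451581cc34b17711aebb208ef6d59a3a9352c400721f1f12"},
    {"id": 7, "pid": 2264, "loaded": r"C:\Windows\System32\kernel32.dll", "sha256": "0" * 64},
    {"id": 7, "pid": 4000, "loaded": r"C:\Program Files\Vendor\helper.dll", "sha256": "1" * 64},
]

# A DLL loaded from a sub-directory of the user's %TEMP%.
TEMP_DLL = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\\[^\\]+\.dll$", re.IGNORECASE)


def self_spawn_chains(events, min_len=3):
    """Return chains [root, ..., leaf] of processes whose parent runs the same image."""
    procs = {e["pid"]: e for e in events if e["id"] == 1}
    parents = {e["ppid"] for e in procs.values()}
    chains = []
    for pid, e in procs.items():
        if pid in parents:
            continue  # walk up from leaves only, so each chain is reported once
        chain, cur = [pid], e
        while (cur["ppid"] in procs
               and procs[cur["ppid"]]["image"].lower() == cur["image"].lower()):
            cur = procs[cur["ppid"]]
            chain.append(cur["pid"])
        if len(chain) >= min_len:
            chains.append(chain[::-1])
    return chains


def temp_dll_loads(events):
    """(pid, path) for every image load out of a %TEMP% sub-directory."""
    return [(e["pid"], e["loaded"]) for e in events
            if e["id"] == 7 and TEMP_DLL.search(e["loaded"])]


def known_dropped_dlls(events, iocs=DROPPED_DLL_SHA256):
    """Names of report-listed DLLs whose hash appears in an image-load event."""
    return sorted({iocs[e["sha256"]] for e in events
                   if e["id"] == 7 and e.get("sha256") in iocs})


def triage(events):
    """Combine the checks; a process that is both in a self-spawn chain and
    loading DLLs from %TEMP% is the one to pull memory from first."""
    chains = self_spawn_chains(events)
    loads = temp_dll_loads(events)
    chain_pids = {p for c in chains for p in c}
    return {
        "self_spawn_chains": chains,
        "temp_dll_loads": loads,
        "known_dropped": known_dropped_dlls(events),
        "priority_pids": sorted({p for p, _ in loads if p in chain_pids}),
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

On the constructed events the chain check returns the single chain 1244 → 2936 → 2264, the temp-directory check fires twice for PID 2264, and the hash check names extramod.dll and lua51.dll, so 2264 comes out as the process to dump first. The %TEMP% regex on its own is broad (legitimate installers unpack DLLs the same way), so treat it as a hunting pivot and require the self-spawn chain or a hash match before alerting.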