e86920515ae2fec695d53fdab9d81473ed00246c8520119f8af9ba89e6b237d1

Analysis

max time kernel
141s
max time network
125s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
25/12/2023, 08:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

10b0f5a73d38ada33282e8a34dd87547.exe
Size

4.9MB
MD5

10b0f5a73d38ada33282e8a34dd87547
SHA1

0d8b52b9ce747c90fb90fc04ee3fc5ba63a5cb5e
SHA256

e86920515ae2fec695d53fdab9d81473ed00246c8520119f8af9ba89e6b237d1
SHA512

40b65092e341e4728d0e27a200c61653d2eefbe032bda298111898a471677af6c8a9d8ecb5286cee128310d43373ef4f0f29846644eaeb5c652f72c393481ebd
SSDEEP

98304:2SzNWR0gMH9ISxVjDNF0XRMMAwU6pJJuj4+Q6C8THx72ux9EnC32JdU8mRXe:qR4H9/bVUa1KJz+THxqux9Jm88EXe

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2136	ONSPEED.exe

Loads dropped DLL 22 IoCs

pid	Process
3020	10b0f5a73d38ada33282e8a34dd87547.exe
3020	10b0f5a73d38ada33282e8a34dd87547.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe
2136	ONSPEED.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2136	ONSPEED.exe
2136	ONSPEED.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 3020 wrote to memory of 2136	3020	10b0f5a73d38ada33282e8a34dd87547.exe	28
PID 2136 wrote to memory of 2568	2136	ONSPEED.exe	29
PID 2136 wrote to memory of 2568	2136	ONSPEED.exe	29
PID 2136 wrote to memory of 2568	2136	ONSPEED.exe	29
PID 2136 wrote to memory of 2568	2136	ONSPEED.exe	29

C:\Users\Admin\AppData\Local\Temp\10b0f5a73d38ada33282e8a34dd87547.exe
"C:\Users\Admin\AppData\Local\Temp\10b0f5a73d38ada33282e8a34dd87547.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\ONSPEED.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\ONSPEED.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2136
- - C:\Windows\splwow64.exe
    C:\Windows\splwow64.exe 12288
    3⤵
    PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\DIRAPI.dll

Filesize
291KB

MD5
8d529f3f8f7bcd52ed60af71e11b8e9e

SHA1
378733c6eb2b0b0259cab61e7b8ccb9c9ffdf2f3

SHA256
b93d2947553d623b91ee545682fffbfdcc3cae72a06ca700e915dbca05234734

SHA512
8e6dc5809b0361b31112c0c1a9945599b44b838b9d738f34825efc0395763179ebcc311df2e5e7913ab613bffff6293a82db5525826c97e3c9cf867297b932b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\IML32.dll

Filesize
320KB

MD5
0bdf7e3cc954009f912e28058a2395ce

SHA1
64525ec3ee35da2de1b7759b38e84b0f1e490ae9

SHA256
cfca71fd908c59b4741c008bc02502af71d1ebe365adaeb489302a8887e349e7

SHA512
db2f051a3cb675068daa013c5e08db7b8da937e81762d68538f2ab4270353811b559ad4aeb876c12febc5c6bd33721e00baedc06c93612bd177a4bb0f37e8c32

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\localised\countries_en.xml

Filesize
9KB

MD5
778158e15e0606afcdcf08dd17d7755e

SHA1
11cdc3f40d7b81a1172ccf4631a0bcdca4a80c9c

SHA256
7f4a023d1d2e36a74128d5508f903ac42c150a9f6a77e949122b9ab42b7eec7e

SHA512
3d4f0463558c2f5ed473805eb5f8f2ca74b298301e642921dcb03b17ae28db3a0bc7937bfba2a37f192ded9b930a4c516540b53ca69b908662b417703e9dd857

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\localised\en_GB.cct

Filesize
295KB

MD5
72f53c8c786e41442fca986eaf6cdd19

SHA1
f6b7a270ec7f4e3b381db568f900ab32db56edaa

SHA256
0f67bf46f73c57601c495a1c3d6041e715b7538b7e3cc650ad51ee9087741bd7

SHA512
1b388df41c0810e45630a4f26bf9f6384e0e6bc6687af9fc3b7d968480f33f1e5538f5110e709a8693421516de311d1bbfed35cbff4a3d0444196821e46bf354

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\localised\languages.xml

Filesize
108B

MD5
38899eb6e9c4a327e551d488022618bb

SHA1
8bd758e5218ddb626090b227e86e94b29d4b509e

SHA256
811c7d476c34222a1a6df1ed590b72909ed9f118abf5c7d4703345fb41257223

SHA512
0eeeee6c0a629b688c895e82d06d7f71cc891e6881e8fba5fd28b6f991e0210bc629cd0a7885efc3538df0c7a7f4cfe5d32f3c69d95e3da42da7641de28c50e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\localised\locales.xml

Filesize
357B

MD5
85eb0488966942312490c77c773a1889

SHA1
7be8f61cdd809ca3e0da3b08b5581ec780699410

SHA256
ffd4975373d57f5144e872be638a57fe59e913bb61431919a0fcb9456df31953

SHA512
be98c4d7d0d9888ca232109803cf5cbdbd8f5d1f3e19148d82b0f4556445f2495f5d1af701977b0e5ea917e6f8c09fedfed1e11d9f68c7b7638492390cc89ada

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\localised\strings_en.xml

Filesize
335B

MD5
a7a5e764cc536c61dfeeece923bc74dc

SHA1
5a553aab592d6a54f74994fc7f94ad085858fb67

SHA256
da7f50976d589463647867a087240bbf760be4f7d88220f64a49a69bd647b1ef

SHA512
fdb2dbbbf44fa443cc1a00dc61b9552978bd3db577a039054aa183ebc8c3d9b81aa8bdcc011cb45de8f7d34fff3facb6816ddb4c466ac5e97f0bda724a09a1f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\main.dcr

Filesize
86KB

MD5
ec09240bc4efb7d8b6f69e1af37ded30

SHA1
12a10546d076922dd624fa68ba297e4cdc73eaa1

SHA256
f7f69946b9501fffed17e4b0841173655cbdd6292da5f27464d7914e71691852

SHA512
ee20b8910bd4776862c1b9736181ca5abea7f2db3e1c1f508470504a1a8fa973ee10d2d2bec5ecf697c4c4fd6baec06c16cd983011619d1a1d3969a9467bf412

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Resources\plist.xml

Filesize
160B

MD5
0b79c3e22bec986e7202fc88e71a4d39

SHA1
04b318b2e0eade87981c4da8a9977dc6c2aaa92f

SHA256
59d9f5f9b65ef9bae0a2a1a665142a48a78eef530f74784d76a4ac890b105e8a

SHA512
7d1cf94907060d558c8d9e4eadc656b276bdf0e01c7f5ea49899cdab7f5cba7dd467bd77546212eda03a5dae0c3135e1c25e321605dc379f463aac01b9c55a5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\FileIo.x32

Filesize
40KB

MD5
ab94099355f3842a2219b89503b88ba4

SHA1
2a9431f0e8c733bd4bf10fb63eda1268c019df96

SHA256
c7ef5fff90b519c411da75cd89321f07c9cd5f3ee1903120a66f8fe7830998d5

SHA512
d2bf549e10f9e30d1bb0f0567fcf1a3021718c0eb02e55fc025ad99745758ae4f25ab397c4f4f26dba0206760ef3fa68c8d9e4f4ea1ffaee597fd91ae047bf78

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Flash Asset.x32

Filesize
233KB

MD5
b1cefbd02db8f5b46e3ad58de14ab2ea

SHA1
abfc9579e228949cf36f664e205991e7f10900c0

SHA256
1e684cfad571cf444e53efeb5fad72e4642b2fd30545006900fa5dd30949d47b

SHA512
43e402e61c2e803c72567c460fafeb53013cc9b3a72ebda64faaa3e930c1c04137207a8da5519dccc26e46dfcad9711aa0916b786ef4a72f9a1c71907a5ccfd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Font Xtra.x32

Filesize
276KB

MD5
a80979e2b5b2119d2d35d3dceb432e0a

SHA1
5c5712be5ac9444d52a1d4e615123ad1fc35eeb2

SHA256
2dd54b208b279dad0a9aeb5f8ea55a0e1867ce9bed6c2fbd2aa1393f5a2f1e81

SHA512
d67ab0ba749b462f39a342f6ac086da00c21cb9ffaaff42b72b05ea3b19e1c2562e1412f5c474270d2c2f67f9646130772d7cc62c7ebee25bf796874814a1654

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Text Asset.x32

Filesize
96KB

MD5
dc4ad94b324025b4f01169903d48f654

SHA1
625dfedadc1296522da1f65880a4dcb4a7a205fb

SHA256
2864b897dc2eaadfccc71e0dc9672651c0c33388b21870e3dfb887dfda156425

SHA512
e9b5b63009beae724e8933d112631538dc1a7a4df4d44e837598b77533f2841cb2b0999b1bfca32b56c750ef8a0ce5fb3e293a029990f65035b397b4f98cd4d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\TextXtra.x32

Filesize
340KB

MD5
238d08298d1feaf2adc1282f95acb760

SHA1
8b3fcf4281b97490a15b5aefdce644688ec92db4

SHA256
ed96d589e19f9247b2fef98eac0f2e509406c91a8667379724a765b34b53d6ee

SHA512
ba064e67f3009d8526f87f5fc2e5604e8a954e3ef2064b16b634f76c70f1a8f80b0f087b85c6067fdca1405dbd0e7cff17628f560fcd0171068283ee8e6d4438

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\regxtra120.x32

Filesize
56KB

MD5
eeb2e897c016fc9ba98057151f6cd099

SHA1
a4758c9b291768c80eff680705fc0cc2b9fb967c

SHA256
bca6e0b4f95d301a39b629661c0151a3faf2056cc75739b2d3da09f458d24f5c

SHA512
19d4f45bd4a6d95512c693382704c8921222623060c3a91e3e4f87ea3f44ce6c2b41bd2b92044dea13c929fcb126ab5fcf238d66f8e5b9081964bc0c3817159b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Dirapi.dll

Filesize
376KB

MD5
cd273238bb50abed3131f1e955ee42f4

SHA1
51ffa120d8fdc79f4a2da929dc5ed39e714899e3

SHA256
3cab1ec36b4232ca525412da48765db617381632ae5a14b697b5deb47f404acc

SHA512
f1a24b8791d8c19e949fb7eea63d6c4c2516f784d7fb945264d9f5bfa11cc981e16e802b07e0ac4205019ce71e022c4c7eafe098f4da9f7d3167d42c84bbea4b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Iml32.dll

Filesize
241KB

MD5
622bed0e41da44b99ba436a03d0cb6d7

SHA1
21048bdc1d21fb915fa5440634b063ff10b47334

SHA256
71dd3109d41d7ec3e742113ebc5d590884759621dd58d03bcba6b93a7b00e963

SHA512
f6f4de091deec0666d6e7f140fac1ece3e5b5167147392d0405c0df0f23c114fb25ef9c65e4ffdcfb9f387f2d251cd15ef810a7494599165b335d94250a11a29

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\ONSPEED.exe

Filesize
142KB

MD5
46aad4be9e106810b780e002b36a39b4

SHA1
65e4029869fbac6b0aaf1b08d3c3389a5a21c50f

SHA256
e1f47766a34a22c7fd8c5e5f9e7e481e5f796061f433294a6968d62c53bcf978

SHA512
71e2d4f49111e4943ac3749f4d42247c0415177eea4a35aece3942c1eb3e79a3bd07ddcdd457aeee9325fd9917b05df714ae1e6ad51649f3300ea98657d7a6c8

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\Proj.dll

Filesize
156KB

MD5
1a9b1d8b21ae6f6a5428b4d23dbfb03e

SHA1
f21087640adab688819bb4fc0bebd3805eadcfac

SHA256
66527d87422569a5975a95920589452d4a9e8ceaa85f004d3de8bc1fd303dc9a

SHA512
54c483e2ffdbf1011831c7f57a90eca89d9a9e3705dff144b1c2031aac2f6c20894ce857a547f328317f03f5930d5f42acc2a0193e800c2e48c46a56010b9ec0

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\FileXtra4.x32

Filesize
120KB

MD5
726b63299389f203a228c81de1acf374

SHA1
470e53a17ed512bce9bf50c7632617fa348e94dd

SHA256
a2b4b1edd1b400173b675d11a84e317a3e4bfd24a32a19eb7f770b12afc07bda

SHA512
3206bcfdc8912afa79981a45de0f6a6fb203bd684c1d775d71a130338f7d8fe774c158718f2361299ee3b81f15ea125928b3427bb21ef7c29b5dedfa033bf140

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Flash Asset.x32

Filesize
273KB

MD5
ab39cf2c1d5aca68f8f961bb6eca7198

SHA1
5c2effdd8cbbf95d6df2032dedadcd99a00509c1

SHA256
88fd153b4e7cbc30a9ea18631b6408361ba29948363086aafefafd855bf4be3e

SHA512
abc91bb93d614172e6af68ea8b0a33f9872f721692cca133354373354c7a76170e79d59da228913a800fd3e43386f74af134d6d608827214d60683d95eca15df

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Font Xtra.x32

Filesize
243KB

MD5
ec360e2f139586c126e4a146413362d2

SHA1
61e3b81f5fe8d0c85d84d6d5a873e71e3b72cd6a

SHA256
c38ff06c355da15c1df00f2f015c1a3bf69fd67d7ce1206b388b34866445efce

SHA512
a0c1568824f64b404a4a35af632b6fa582fac6ecf0a78cdc822d8e57baeae200589d8fdc164208a81214d5c99117795cb4a7a19a6469a397f00977a9b4816899

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\INetURL.x32

Filesize
48KB

MD5
bbf9e409b202d855dc0478787e61f020

SHA1
1672357d24662ec34bb636d118b95766159bfc3c

SHA256
62e5870df9e8602d230ea9f645139816dc49ba0dd71fa6334a4a85c1a1758667

SHA512
91d8fec33ad47a4884ae155d31d7144b52a2d878190e4e55c14ed4b827a15f733143ab38ef32805bf0b588459b5eb590a7a8b7757e2ca6a81fcbe0c89c0a70d0

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\Mui Dialog.x32

Filesize
276KB

MD5
5d8c1611132001161124191125b516ce

SHA1
a59a2306d703a4fe90dbba451e31c1f35e3b5b24

SHA256
e87d726b9bd680ce91c7370014e78f405de9a9744321703886a60209e172e6b8

SHA512
319aee12c2e18c304b20ee8252d45e3c05b1d65822543bb432d3e2ec604d1986914618cbdbbe63f2e8913352ced822f97ef6d8560f14e2223077ff740e49b7e6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\NetFile.x32

Filesize
52KB

MD5
54c13b08de727b951b6f939f274afc3b

SHA1
a65694bece193e42e97497ce0f6c4b58ba27f6be

SHA256
b15e895ef5d426d1a56fc6481252732e47ceaea8da5601f3a36fe151a52ff642

SHA512
0f824229cce6b61c0befda3cda6c684a7aca116d91306c9664af0b88de875cd01e3b55f531fffc1d5d28e62126c5327aa04f777540eb53efd2b21c8334ad720b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\NetLingo.x32

Filesize
48KB

MD5
0f1a473ed662c3615db39cfd19b2a15d

SHA1
d95a089d2a4d4bb0fd018c8c9910732c05eec070

SHA256
829d70b5685977246dce2ec0cc8ea23f9280e397a63f78ffb97ce00573721722

SHA512
23438f51f712d074f121320c0374cdc799638ed44b22f863ed6e79eb4067905ad33552b9181b6b5256ab1fcf909c470312f29af06e1b10ca2a3cc7afa87055fd

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\OSControlXtra.X32

Filesize
133KB

MD5
61e186c9eb5ff89f95a612b47e01e0bd

SHA1
24dc29f8dffb9fd0d83fe6dab752fa253402e735

SHA256
cdca27fe164f1d29b0d00aa4e28dda8ba5cb0c5fabd7675c2fe8f59c7f3f964e

SHA512
ac34edb96700989a7ff71be61543ddbd25fe99c4096de96edecd92aed461d1b80ae15d18abcc18b1b5b26af8cb6ad86417fc9c706373c087a1fbc117a7724de1

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\TextXtra.x32

Filesize
292KB

MD5
d4f2c78b28eed8c63420bb3d65142230

SHA1
78b981a76942b1416859101f3eaa800a1f0b20b4

SHA256
4553e50ec1915adbcdae074c86e87f7cdbc8541562c859fcf876bea400cbfec1

SHA512
aaf9362232d53cff8b549838df137a4e4e914f3ec075a47033049632eaefb1bb2c4890cb8a667adcd6c7dd89f2a36154c1fef18792dbdc3195f89925d4e7f0ac

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\WatcherHelper.x32

Filesize
40KB

MD5
4b7254182a5d2a2afc94244b5b3c6dd9

SHA1
d73b840025dba3cc68240e0dae937bb2bcc94515

SHA256
fc393896f1fd80214de5f0d92e026f0228727ff2bc4b092709b8cc74f12730ab

SHA512
f0f1906b04403a9c9b4ffecd40116e37a93d8b5e7dde5684b768a8132b54c32251c3e692200235ec925903de5ac8a59d675c7b3bf1b4785784f7a03cacad0d9d

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\ONSPEED\xtras\quitMsg.x32

Filesize
24KB

MD5
7a89475ca150df6ab61cd726aaba0912

SHA1
3ba0ddaf0720dd05f24c95a5aea22147d12b04bc

SHA256
16b614c40a2f7e9d5f3e58d02b30c70031140082d46af7d555bb21b268c41c78

SHA512
34db97003527e055ba21b0a3b8a2117c4f94aada24003cebbd9e64b22bc2afc9a3339070d13b8ad78d9a5d3631c3eee71c7d4f4f37fa365f1992637ad30b2ddd

Download Submit
memory/2136-81-0x00000000002F0000-0x0000000000310000-memory.dmp

Filesize
128KB

Download
memory/2136-90-0x00000000004B0000-0x00000000004F5000-memory.dmp

Filesize
276KB

Download
memory/2136-104-0x0000000002340000-0x000000000235B000-memory.dmp

Filesize
108KB

Download
memory/2136-98-0x0000000002310000-0x0000000002338000-memory.dmp

Filesize
160KB

Download
memory/2136-119-0x0000000002340000-0x000000000235B000-memory.dmp

Filesize
108KB

Download
memory/2136-118-0x0000000002310000-0x0000000002338000-memory.dmp

Filesize
160KB

Download
memory/3020-117-0x0000000000400000-0x0000000000426000-memory.dmp

Filesize
152KB

Download