Analysis

  • max time kernel
    143s
  • max time network
    5s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    26/12/2023, 04:23

General

  • Target
    53cb591edf40ab246f08ca516e3a605f.exe
  • Size
    313KB
  • MD5
    53cb591edf40ab246f08ca516e3a605f
  • SHA1
    28569ff37ba592a0bf7903770af1904e8c28b88a
  • SHA256
    24dfc4dc10acf21fac34b5f8f5519d71074a548a18396829a700e9488551bcff
  • SHA512
    aef93a4af3be0262c3eb624980c1d443974afde21394b6b4ff223c4e2533d69448c4e45720cc8ef3abac4d318410a10edc6bca559aa374d2cab58e57a62d03bd
  • SSDEEP
    6144:grJ9uEo2S1YnQmCX492DkwNP3qpYFQiY0Z56GICaNRCVEumbcF6ov5d889PgLVDb:grfu6/eIo4jVW5soVCcQovoO0DJM+EE

Score
7/10

Signatures

  • Loads dropped DLL 3 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Maps connected drives based on registry 3 TTPs 2 IoCs

    Disk information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\53cb591edf40ab246f08ca516e3a605f.exe
    "C:\Users\Admin\AppData\Local\Temp\53cb591edf40ab246f08ca516e3a605f.exe"
    • Loads dropped DLL
    • Maps connected drives based on registry
    • Suspicious behavior: EnumeratesProcesses
    PID:4440

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Tsu64BC4D78.dll
    Filesize
    54KB
    MD5
    4e3e5ab4014079bafa9aca62c87e3888
    SHA1
    b7f378845ac40483e3be6c161da8cb1102559d2b
    SHA256
    39e066633cad5d1e1e8ac16ec9caa23b3673b77c7a80bdf789eceb276223ae07
    SHA512
    8025bd1e79954885a0547f23aa506c95511cc4b2188699f18786ea9e8520d9b2988f65b4fa8d571c7d0abbb2ca23451b873e43b483459a8d1c800da08c1531fd

  • C:\Users\Admin\AppData\Local\Temp\{A269A9D0-C9B1-46E9-A402-8193798A8B26}\Custom.dll
    Filesize
    48KB
    MD5
    f5e78af7b2bf79839795aa7a003e119b
    SHA1
    b8cbcdabd59566e36c71c7330d5e9dad0eabd3d0
    SHA256
    ebb58249071419c047a404cd46e57b41d739e51a3ee8dcbac835a1e9a7e83557
    SHA512
    617407e7ee005976a92bffac5c4bd4782a47531e33ae1b2d550748d81b8f6ef743b6e19d322ea4b84e0c08183b7ac1f6049ffaf3b62803c8cde0ebf2c7bb77ac

  • C:\Users\Admin\AppData\Local\Temp\{A269A9D0-C9B1-46E9-A402-8193798A8B26}\_Setup.dll
    Filesize
    23KB
    MD5
    c4e95d608aea753f97897101fb74dae7
    SHA1
    4dd1cb27a95c96003188840b9647b458d4c00702
    SHA256
    ce1f745d9c024d4ca02684f261334cf733ee4cc2837e615f3e8bc41a54bf445e
    SHA512
    f7a885538eb23f6123588883d99bd401cdecb803ccea380827f5fed91a3470f4f625e219c78e2a7c6c00b5e684475c3260fb1c5f23a3c8e1bdbbe8a75687e85c