6733c00c0df10ca2d054311055e6ca40a521ae2f8ce0624d0cd1bbd76567d552

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/12/2023, 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

075145c14e6928a8c24f9cf24bb6e64b.exe
Size

324KB
MD5

075145c14e6928a8c24f9cf24bb6e64b
SHA1

f8d979737f804b49496a2a0602b300064f1ba0f9
SHA256

6733c00c0df10ca2d054311055e6ca40a521ae2f8ce0624d0cd1bbd76567d552
SHA512

6830fbf6fed2b3789c52badc202949f0b22246913d2e29b497e1b66781c099d0432d8102f3163b8f5d92df4ad4cc7f90c6b013252e6a5954d3f8ecd6b4258bc6
SSDEEP

6144:ilCtShNJh1AOJuhH2YeI4zsdxJFGDpBGuHthrCXuJqZOfPxzGi88ge:NEJhiOUH2YeI4wdFQpBHHCXVZSxzN88R

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
2956	Keygen.exe
2908	7za.exe
2236	ic1.exe

Loads dropped DLL 10 IoCs

pid	Process
2848	075145c14e6928a8c24f9cf24bb6e64b.exe
2956	Keygen.exe
2848	075145c14e6928a8c24f9cf24bb6e64b.exe
2956	Keygen.exe
2848	075145c14e6928a8c24f9cf24bb6e64b.exe
2848	075145c14e6928a8c24f9cf24bb6e64b.exe
2908	7za.exe
2908	7za.exe
2908	7za.exe
2848	075145c14e6928a8c24f9cf24bb6e64b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2956	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	27
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2908	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	29
PID 2848 wrote to memory of 2236	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	30
PID 2848 wrote to memory of 2236	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	30
PID 2848 wrote to memory of 2236	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	30
PID 2848 wrote to memory of 2236	2848	075145c14e6928a8c24f9cf24bb6e64b.exe	30

C:\Users\Admin\AppData\Local\Temp\075145c14e6928a8c24f9cf24bb6e64b.exe
"C:\Users\Admin\AppData\Local\Temp\075145c14e6928a8c24f9cf24bb6e64b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2848
- C:\Users\Admin\AppData\Local\Temp\Keygen.exe
  "C:\Users\Admin\AppData\Local\Temp\Keygen.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2956
- C:\Users\Admin\AppData\Local\Temp\7za.exe
  C:\Users\Admin\AppData\Local\Temp\7za.exe x C:\Users\Admin\AppData\Local\Temp\a1.7z -aoa -oC:\Users\Admin\AppData\Local\Temp -plolmilf
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2908
- C:\Users\Admin\AppData\Local\Temp\ic1.exe
  "C:\Users\Admin\AppData\Local\Temp\ic1.exe"
  2⤵
  - Executes dropped EXE
  PID:2236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
233KB

MD5
a5f6f417f9d858d074deaca015fddba3

SHA1
5f81eb95a580ea8063c625955bc919ce99dabe9b

SHA256
36110a150089ce4e4496c250c8e3eaba5f2fab06ba0f631b670b25b065e71f3e

SHA512
a68736ad62b43228ba99fd640746bba5d3a0908291424205a9cd68e56b6692f233e3ba2dc6559675c5e9eb85332fea9b31d7f47bdc60dbf0313a792e4417c563

Download Submit
C:\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
237KB

MD5
5a3ee98d1da2548ec32c475ac3231c1d

SHA1
319a0b3b15a9d0d3a12000b78e10c213f3898e14

SHA256
8ba0fff69fff4c12147b72cc99a729caa1c24a969e5976ebe3617e5c13060c0c

SHA512
8d8038bb26d104c0ffa509b0d74f1749b1dfe22270f73910e237fd46bdcf729f1043c34fcc39168b6f1365dbfd605a22f3bccc10bff97cec46f9151407b7953d

Download Submit
C:\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
199KB

MD5
31eb1b00c03d829b032bbeb3cfc52bea

SHA1
a3d1589027bd50f8ee33a3b552a70e5f507c283d

SHA256
8a8b4b12b159d11f9e10f2b41c94f9556a4facc98de4a7967d99efa4699c8f1d

SHA512
2bae1c3f7942d0eed20c57392f1c38b799f62344283663d9cc6c293000c80406671816d0426239d6fa52723963c66177dcabb5c9408e257c8b5b41e2d3ec5cb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\a1.7z

Filesize
7KB

MD5
b7e6d80b93ee7c6a999f37d31ef27bc3

SHA1
29f7fd90835d168a3293f0964bc307b17e12ddba

SHA256
71c770f1bd0849e0abdda729ba85f81e7d02f1f9507526492d87cde7f04cdf82

SHA512
802e370281c6671f67e61d86b4667239d03349b6d0202030e78437b9fdc9bb97e1c5f6391a1ee733bf17c867a31b51f84e7330fdba02dd4358dd09344bc820d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ic1.exe

Filesize
18KB

MD5
b64b538899d4588a05d7d3db92918448

SHA1
b2d0b29a9c69bac6b22f696474eb031cca664f9a

SHA256
803abec016d53636f2817c972f2c769beb36501fc8bd30c73994958eb94cfb29

SHA512
ba4732c7a25dfdd636009a5ec8597e233c7c2b736b9c08a07dce13de70d9e0e08652b7f323ab590a29b57da12bf6a347675b2103bdfef06a80dbfd555ad09727

Download Submit
\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
345KB

MD5
48ab50e15df3f78e4718b0146d9cfce0

SHA1
cb365e4f3d7d7357e720325b856099d5dcc442d3

SHA256
55623e415820286cfa1268ffa039b898912b8d9fd5f886458d9ff44cccb5b2bf

SHA512
80831853957094283f6ca8d3facd6cc790a88b791adf1164c1b32bb1822292de7e90b6302862c96cffb529c82265bfb69cdee325ad85dee13369faf3d5a696be

Download Submit
\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
198KB

MD5
673c7efca2c2c88fd005f7c3b1755cb4

SHA1
5516b9694754c297ebdf75e2326b5c7177cc4ae2

SHA256
2d02e20a293ac7262e68aa3b4ff9eb97fd4e2552c5f3ab8d1f562256aad1d0ac

SHA512
2dbae925f5c3e830c3fd778475f1ddfa97ef934e16195627f8364a33fdb0733d535683b3d5cdc9af903188fa1d3d6f04bb6e4efd2223548c1d1d4b405d567b4d

Download Submit
\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
207KB

MD5
6385859ab2e6531fc2ce8add643cefff

SHA1
b95c6435086472474fe25ad0adcae7966b9c840a

SHA256
e08c36a30405834a7253f35d16ef1a95cd2162924332292a31f025119ac08e86

SHA512
bf0671fac20093c369d20ed5bb2f3b5bee7045ef1945fe0a9cf08b4ffbe747b6950cae2e5946deab185a1828b2f01884fcf8751c3773ffe479b549ef0933879f

Download Submit
\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
240KB

MD5
6e21995c5e848e0d2fc4a5de7e6e1cea

SHA1
874899b183cffcb927ef9ae8a7e207481b4b1b34

SHA256
d3c327d55d719c7990a237786bc2b901d9e472103527dde6853609c639b8a83d

SHA512
58cfd71c97cec1cee34aaae8613322f88550bf73c4baf3e87bee83811882c0447a9bda284a8d43d0bc408c93e973cfbbfed707de214f66801a59a5b7bc8e764d

Download Submit
\Users\Admin\AppData\Local\Temp\7za.exe

Filesize
252KB

MD5
571607c6b36f03cbf0f1fbe2ac46ac7a

SHA1
c574b4ac4d816e4b1107f322fb5a2320f4412b2c

SHA256
62b7873ec1caee6fc3760b61a31911623d6d6813ea8acd17dff00495149ca599

SHA512
e3e8438541385b1799aceb20c200699afd18b53215a93b62f925a5a0489a5113e8e94e6ddc6aea097204462e3ec70ff7e6a44ecf8555e6435b604f36d619bb39

Download Submit
\Users\Admin\AppData\Local\Temp\Keygen.exe

Filesize
166KB

MD5
8879ab10558b8df58bc7c23ec8a4999c

SHA1
8c8168af29207b5cf2c8fc1aa7d815fc139e7efc

SHA256
6fda7d2da32e218d4909f4538198de3b55b15d03e28f835b2014d53d98ec7e21

SHA512
2a07213bdac6f96a0c009cfba640befb89e6fa2370e67b08001fe77af3e89cd0aa4f381b4d8c5e3f8fa785196489c75cd18d8abdadd3f158de7f662bd72a284f

Download Submit
\Users\Admin\AppData\Local\Temp\nsdD589.tmp\ExecDos.dll

Filesize
5KB

MD5
a7cd6206240484c8436c66afb12bdfbf

SHA1
0bb3e24a7eb0a9e5a8eae06b1c6e7551a7ec9919

SHA256
69ac56d2fdf3c71b766d3cc49b33b36f1287cc2503310811017467dfcb455926

SHA512
b9ee7803301e50a8ec20ab3f87eb9e509ea24d11a69e90005f30c1666acc4ed0a208bd56e372e2e5c6a6d901d45f04a12427303d74761983593d10b344c79904

Download Submit
memory/2236-42-0x0000000000C30000-0x0000000000C90000-memory.dmp

Filesize
384KB

Download
memory/2236-40-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-39-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2236-41-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2236-44-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-47-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-48-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-50-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-49-0x000007FEF5560000-0x000007FEF5EFD000-memory.dmp

Filesize
9.6MB

Download
memory/2236-51-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download
memory/2236-52-0x0000000000AB0000-0x0000000000B30000-memory.dmp

Filesize
512KB

Download