a6e0ce289db711413ba5395a80e50a0ed95c3927448492d3ecde38506227c571

Analysis

max time kernel
122s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 23:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1f9b619074e3ef7c19b296330e290dde.exe
Size

2.0MB
MD5

1f9b619074e3ef7c19b296330e290dde
SHA1

8342d1aa1cef5d5d10ee68a4dfcca4de12599502
SHA256

a6e0ce289db711413ba5395a80e50a0ed95c3927448492d3ecde38506227c571
SHA512

3ae7ef2c3181b44816e0cb7186b113c8e99d97e06a56d7b4babf283cdc342f18273e39c66912c41bdbbabc62303bb8bb998cee9db0234847a521df46ae6784c6
SSDEEP

49152:DKqoP5uG7LG6sjWmlwsg7IklBKZICcDIGXQvh9zK4tMy+iZKnkJeYuFEb:DQP5uGvC9bg7DlBqICchX8W1iZgkJLuo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
1884	f193n15598i0567.exe
2752	13tu7hiem9f2421.exe

Loads dropped DLL 3 IoCs

pid	Process
852	1f9b619074e3ef7c19b296330e290dde.exe
1884	f193n15598i0567.exe
1884	f193n15598i0567.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2752	13tu7hiem9f2421.exe

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 852 wrote to memory of 1884	852	1f9b619074e3ef7c19b296330e290dde.exe	28
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29
PID 1884 wrote to memory of 2752	1884	f193n15598i0567.exe	29

C:\Users\Admin\AppData\Local\Temp\1f9b619074e3ef7c19b296330e290dde.exe
"C:\Users\Admin\AppData\Local\Temp\1f9b619074e3ef7c19b296330e290dde.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:852
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe" -e -pm1it982889f9266
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1884
- - C:\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe
    "C:\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    PID:2752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe

Filesize
405KB

MD5
6f7e24dd113aec8ca30c917deb22748d

SHA1
e24fede2d5151a9444766f6d7572ab303647b15a

SHA256
e8aa1674937f928831563879e4b8b998ac30db73a39404a5a72cb9bdfccb4b17

SHA512
3550e4859ab151f0dca45f22ab6f49c478581dd4765c8df8b098462505ab3fe40527a6130fd93ccc30dbcd4b601f58480208c63e8aa64ffa46b621c40fd7ab60

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe

Filesize
343KB

MD5
1084e0a72810ad6e5d8a4d3f372ce3d6

SHA1
53d90b7047aacf6391902da89b24c53982004405

SHA256
1c1cd00ce40a5450434cfbea8d6413dba13afb9725cdbe8836fd7868f072cf39

SHA512
b32530f99c71cee3d805308bf606602a64e956613763e3315a7e3d8440f746aa4dbf16f9eb995f9c10c7d6907d962bc216e3f8002de8cba50b93088da8a6301d

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe

Filesize
128KB

MD5
54f4d2ce3f4da5b26e4c39bf0c28ec24

SHA1
1d12a1d01f3ccfa64f155f05741fdae0399de26c

SHA256
e315547c8edc5f657a3e7047da98dd6658312ad16bcce3f2e3ce9ef5f95f346c

SHA512
e2618d5946325f5150a4b5d802d2d8a61c863fde548fbf8a74f64319683f16695f5d2c733b4ffce0065167bd083bf0f845bbd76f86981e326d273f86dbf696d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe

Filesize
20KB

MD5
57d4d527d55ee2d45c2f9b13ae725183

SHA1
4bc18f15803f7b18565104b138f11feab0644507

SHA256
a4f3cd9de7558f984e9dad720d3184a3ff9750c7a3c831caf755d43bd7b306b1

SHA512
887563ed44eb282e925c201c942a2f20fd62dcc370317d008c6b8cb17bcdc33c7cbd225da2d0e556a183744948fd42d42c63d0bb32170d2e8f6eb96b7e685a10

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe

Filesize
102KB

MD5
3d632504029c9ef0ab4920d89aec5151

SHA1
b6343e2ec08cee67d5a9ee6a415c8aff32188d3c

SHA256
0a434103cff6dfaaffac1ddc0542b7cf20eb5ea17126cd973a413fd29899f736

SHA512
04dd46f631b7ca0cdd48b88d310b4abf2159e0643761f47fd5857d472ad0904d51d7f14ab2ca141ab86e25c8e42dccad33490aa296e79333518a472da5a2d02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe

Filesize
143KB

MD5
77ea8de887f9dc4ea91452bd29835254

SHA1
4a77213675e3ff3ee3258d430bffcfb230b19695

SHA256
24eb5d887ce9472186878532118bbd6240138fbaf33e8e79d3ed93122b1ef669

SHA512
62b7405450597a949c02c992ab36dac417e1bdbbc966da88678a6bee7eb54163dee69fe69704f4c2b25ec2392c42dcf61077d19f76c4c3b99fbf4a78797f8f7b

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\f193n15598i0567.exe

Filesize
253KB

MD5
c371a2583c86bf56a499a7d245e1ae13

SHA1
8b33743882fba41469f92ece71fc0af34bdd9ceb

SHA256
953157949be06a498430226fb251eaf753de72e08f483b99f0aed83481521266

SHA512
2f0dad99685731d7044b75a295fafc873840d70a640d0a7b7f5f43bec0825024fb4aa8df8c0d38fb27487d3423aa3eddafd9a15c308df47d47136860cd7bfe12

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe

Filesize
41KB

MD5
4a468722a3c5d3b79ab259e34d10d43e

SHA1
4e730fc097e9d9fbf840feaf5f2a2a670a2c5cfb

SHA256
77a4abd7c2b392e39059beaa5d0bc16daade2e23541b08630da8835b3c60d36c

SHA512
cd35e4eed34cae877bc53507b4c587932c29224a1716d5f6611c207aa522759afec60c8d0b61c96d95eaa41cda1363a3ee8b4eb14b9056c1d1d6e93375f9ad30

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX1\13tu7hiem9f2421.exe

Filesize
86KB

MD5
7e7a0af5193f683860c982329e79f5ab

SHA1
82c756ec054271cc4de4bd236f9a1cebbab3a0ca

SHA256
a017c7139b04e94e9db5b8a1cab0f0f79d7302a757e939fbae71d9e2cd2411e6

SHA512
784d5866901dc775c320d6b166dd21d11f6d5c8244db22fb1cda4e614d5115af66aa48d7aacaf0e1f5549ff6f782c40a9ead50c05504e23b26a947e178c90219

Download Submit
memory/1884-18-0x0000000003590000-0x0000000003995000-memory.dmp

Filesize
4.0MB

Download
memory/1884-19-0x0000000003590000-0x0000000003995000-memory.dmp

Filesize
4.0MB

Download
memory/2752-49-0x00000000036F0000-0x00000000036F1000-memory.dmp

Filesize
4KB

Download
memory/2752-44-0x0000000003680000-0x0000000003681000-memory.dmp

Filesize
4KB

Download
memory/2752-34-0x00000000034A0000-0x00000000034A1000-memory.dmp

Filesize
4KB

Download
memory/2752-48-0x00000000036C0000-0x00000000036C1000-memory.dmp

Filesize
4KB

Download
memory/2752-55-0x0000000003740000-0x0000000003741000-memory.dmp

Filesize
4KB

Download
memory/2752-54-0x0000000003720000-0x0000000003721000-memory.dmp

Filesize
4KB

Download
memory/2752-57-0x0000000003400000-0x0000000003402000-memory.dmp

Filesize
8KB

Download
memory/2752-56-0x0000000000400000-0x0000000000805000-memory.dmp

Filesize
4.0MB

Download
memory/2752-53-0x0000000003730000-0x0000000003731000-memory.dmp

Filesize
4KB

Download
memory/2752-52-0x0000000003700000-0x0000000003701000-memory.dmp

Filesize
4KB

Download
memory/2752-51-0x0000000003710000-0x0000000003711000-memory.dmp

Filesize
4KB

Download
memory/2752-50-0x00000000036E0000-0x00000000036E1000-memory.dmp

Filesize
4KB

Download
memory/2752-21-0x00000000002B0000-0x000000000030A000-memory.dmp

Filesize
360KB

Download
memory/2752-20-0x0000000000400000-0x0000000000805000-memory.dmp

Filesize
4.0MB

Download
memory/2752-59-0x0000000000400000-0x0000000000805000-memory.dmp

Filesize
4.0MB

Download
memory/2752-60-0x00000000002B0000-0x000000000030A000-memory.dmp

Filesize
360KB

Download
memory/2752-47-0x00000000036D0000-0x00000000036D1000-memory.dmp

Filesize
4KB

Download
memory/2752-46-0x00000000036A0000-0x00000000036A1000-memory.dmp

Filesize
4KB

Download
memory/2752-45-0x00000000036B0000-0x00000000036B1000-memory.dmp

Filesize
4KB

Download
memory/2752-23-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2752-43-0x0000000003690000-0x0000000003691000-memory.dmp

Filesize
4KB

Download
memory/2752-42-0x0000000003660000-0x0000000003661000-memory.dmp

Filesize
4KB

Download
memory/2752-41-0x0000000003670000-0x0000000003671000-memory.dmp

Filesize
4KB

Download
memory/2752-40-0x0000000003640000-0x0000000003641000-memory.dmp

Filesize
4KB

Download
memory/2752-39-0x0000000003650000-0x0000000003651000-memory.dmp

Filesize
4KB

Download
memory/2752-37-0x0000000003630000-0x0000000003631000-memory.dmp

Filesize
4KB

Download
memory/2752-38-0x0000000003620000-0x0000000003621000-memory.dmp

Filesize
4KB

Download
memory/2752-36-0x0000000003600000-0x0000000003601000-memory.dmp

Filesize
4KB

Download
memory/2752-35-0x0000000003610000-0x0000000003611000-memory.dmp

Filesize
4KB

Download
memory/2752-33-0x00000000034B0000-0x00000000034B1000-memory.dmp

Filesize
4KB

Download
memory/2752-32-0x0000000003480000-0x0000000003481000-memory.dmp

Filesize
4KB

Download
memory/2752-31-0x0000000003490000-0x0000000003491000-memory.dmp

Filesize
4KB

Download
memory/2752-30-0x0000000003460000-0x0000000003461000-memory.dmp

Filesize
4KB

Download
memory/2752-29-0x0000000003470000-0x0000000003471000-memory.dmp

Filesize
4KB

Download
memory/2752-28-0x0000000002830000-0x0000000002831000-memory.dmp

Filesize
4KB

Download
memory/2752-26-0x0000000000F00000-0x0000000000F01000-memory.dmp

Filesize
4KB

Download
memory/2752-27-0x0000000003450000-0x0000000003451000-memory.dmp

Filesize
4KB

Download
memory/2752-24-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/2752-25-0x0000000000FC0000-0x0000000000FC1000-memory.dmp

Filesize
4KB

Download
memory/2752-22-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download