23faa0fe68446ceef7d8b2f5ef3ae79803085fae28449b360443c5bc4ebc51fa

Analysis

max time kernel
3s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30/12/2023, 02:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0b7bf1b024382718b97c9c7159c6dacb.exe
Size

562KB
MD5

0b7bf1b024382718b97c9c7159c6dacb
SHA1

dcdacda7a9f43d83969dd5e7a17a6a89042bbaa0
SHA256

23faa0fe68446ceef7d8b2f5ef3ae79803085fae28449b360443c5bc4ebc51fa
SHA512

4f8b14bc4d59d1a049b4ea1f3d8d3402282b6cf8a9b5c73ade3f82c5b2d6d1651a6c3dafddd5afbfb7ed9403b3190e603ea0663af1900fd7155e45374bb77f3f
SSDEEP

12288:oPwMDD1dxDx5SCbpK2h6Ieu96aUT7dxIfLbdi8R+3z2fsd:kt9jF5JU2h6IlLUTUvdRRaz2fs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2680	DownloadManager.exe

Loads dropped DLL 8 IoCs

pid	Process
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe
3048	0b7bf1b024382718b97c9c7159c6dacb.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2680	DownloadManager.exe
2680	DownloadManager.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3048 wrote to memory of 2680	3048	0b7bf1b024382718b97c9c7159c6dacb.exe	21
PID 3048 wrote to memory of 2680	3048	0b7bf1b024382718b97c9c7159c6dacb.exe	21
PID 3048 wrote to memory of 2680	3048	0b7bf1b024382718b97c9c7159c6dacb.exe	21
PID 3048 wrote to memory of 2680	3048	0b7bf1b024382718b97c9c7159c6dacb.exe	21

C:\Users\Admin\AppData\Local\Temp\0b7bf1b024382718b97c9c7159c6dacb.exe
"C:\Users\Admin\AppData\Local\Temp\0b7bf1b024382718b97c9c7159c6dacb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3048
- C:\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\DownloadManager.exe
  DownloadManager.exe "C:\Users\Admin\AppData\Local\Temp\0b7bf1b024382718b97c9c7159c6dacb.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\ApplicationDebug.log

Filesize
228B

MD5
9e3cfcdd4fd754e893f2d79629cc8377

SHA1
3a93fc958d20ed83c80e6f0801627958f3aac746

SHA256
70a4351b30f7c4dbfe017dded1645fc22d3d030713f0edc9401a8d1dd8a0c788

SHA512
355428b837405350009c2292067e5246d8c07bd19312284db27ed13b8ee23af8d386389d778680b40f875350825d16e5add49dd157ec196aad40591b1d486965

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\DownloadManager.exe

Filesize
7KB

MD5
65c4a7687716afe5a1fd5659d2e1cada

SHA1
5477695c7a63032188d95d947e758756e4896863

SHA256
15ae69e98dd55f19e11ae69003d5a66cd73083918b88740bd3c48e7934c76e16

SHA512
be55f4d6fb910a9149b6955fd4eaf5a558a03c94a3466b8031b4cf1e0e9e6590c55cacc2e18dfe2019a18f57d76b6e6435ccfd321b3f19a73628dcab253f8837

Download Submit
C:\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\DownloadManager.exe

Filesize
19KB

MD5
dd381c4ac6e2cdb87114904cd2f266db

SHA1
934ebae733bae800e293a801c9fa28e9b60b873f

SHA256
64722a41985e2fcf314c08a2c8a267e660d8bd73c9fb9f78bd5e701fbf75d9c8

SHA512
7a211e10cd1facabd040f76092cd09fe36154f5e7efdc66ca2146e625913a261eb3d15d5bdde7691dd644154ad54138893e7f071dd8b8d3e044dabab1557a510

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso45F7.tmp\System.dll

Filesize
7KB

MD5
f9b20b3d57e05ea55a0396696e46749e

SHA1
6f0d5f7e409191d61e9e497b04199b88f50ed7bd

SHA256
b7cfb1b588bbe033fa92ac851a8b6e239c2d03f863e66d22dcf1accdd9e8a8a5

SHA512
dbc9444ce3b5a77973576473862b20cb2489a54fbbccdfb5ea386ca4dba77387704ae2d9b5b9f3ddfbbba9a62dee1402ccecc5a6eefb0888464054ee48d6be9a

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso45F7.tmp\UserInfo.dll

Filesize
4KB

MD5
031ec9b12afb1fafc9fc397f3b90f29c

SHA1
de26ddfe3ef452f8205bfbd5520a8eff6328619f

SHA256
2dc320488b636b9dce9581a95e5a833a07500622c1a64fc05023ba6482d2a6e1

SHA512
cbebded4e3a87234899e2b67121f898c9060671d25088b7de29bbcbda90a5410dd3afd110417caa6c46ba656e1a863da39127e15c2122fedaa5054f4d43b90a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso45F7.tmp\inetc.dll

Filesize
21KB

MD5
d7a3fa6a6c738b4a3c40d5602af20b08

SHA1
34fc75d97f640609cb6cadb001da2cb2c0b3538a

SHA256
67eff17c53a78c8ec9a28f392b9bb93df3e74f96f6ecd87a333a482c36546b3e

SHA512
75cf123448567806be5f852ebf70f398da881e89994b82442a1f4bc6799894e799f979f5ab1cc9ba12617e48620e6c34f71e23259da498da37354e5fd3c0f934

Download Submit
\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\DownloadManager.exe

Filesize
23KB

MD5
0ff2d85621b6a192ba7e1877f593c540

SHA1
53f4bade168ba29b2a08b6ab117d49c347d3c2af

SHA256
179a29578d3ed3f486125e0c8e854765061ca2a397776afe8f7f50b4564d3e9b

SHA512
dfa0a790ae384593c2b6e7c5ba085774dafb1ccd94117079b4f0da4eed7f70ad8034e1f348a0c12022d6c9a4b68dfa3c8c093f143d3d1da84169f8a3438da98c

Download Submit
\Users\Admin\AppData\Local\Temp\DM_ljbwu3dH1u\DownloadManager.exe

Filesize
16KB

MD5
c4d3fdfcd70e1f7c76e3606e990810a6

SHA1
d9da4267b9dfb0d2a78a74a9953ffa9f0ae36065

SHA256
5ab2ab64b8f57811bef8a62580f9d314c6127405497207c65eff43a034852330

SHA512
1c6a11e1088b424ea366c096b48bcaac72cbb200089b1115850af329c8235e7ff6923a83238d1e6900366641c3b5b754b2cb1fe81e5761f100ae7dc626f23b88

Download Submit
\Users\Admin\AppData\Local\Temp\nso45F7.tmp\System.dll

Filesize
9KB

MD5
c48f1ea4cd77c4c94b29259fc32a2169

SHA1
929212c63c0c2ba9d18519dfbdf7748895dc459f

SHA256
b028d71f8ccc9d4ac87e3cf8f4162c0c2a740f835ea69603d87192fa28a32516

SHA512
c694bdc0a701ddcdd56f90ebac0d8499146f787255b88746fd01d01b6392f1ea1e85f1654faad5583db7103fbfe963e224c0f04f93d42c372e53300094ca46c4

Download Submit
\Users\Admin\AppData\Local\Temp\nso45F7.tmp\System.dll

Filesize
11KB

MD5
a436db0c473a087eb61ff5c53c34ba27

SHA1
65ea67e424e75f5065132b539c8b2eda88aa0506

SHA256
75ed40311875312617d6711baed0be29fcaee71031ca27a8d308a72b15a51e49

SHA512
908f46a855480af6eacb2fb64de0e60b1e04bbb10b23992e2cf38a4cbebdcd7d3928c4c022d7ad9f7479265a8f426b93eef580afec95570e654c360d62f5e08d

Download Submit
\Users\Admin\AppData\Local\Temp\nso45F7.tmp\UserInfo.dll

Filesize
1KB

MD5
4a6fcc67b65db753178497171b13a9dc

SHA1
918e433c1e2583fcc5bf7e6ba63c9635302ecfc9

SHA256
05d8843913f72d0f4c260c6562a6784928103df77f3cc108521acc9e373ee8b4

SHA512
bdffeaf9e87fe169cbf518bf97e0e651e834aaa16ce42d8596d9caf7f4377ff646975a27bb73b65993d50b321697561b3ba2fb11a0d5162dc315c097e702d8cb

Download Submit
\Users\Admin\AppData\Local\Temp\nso45F7.tmp\inetc.dll

Filesize
5KB

MD5
7c0dd544285730ff41d39355f7a022c8

SHA1
f476e3d177ee8dc61c582c4151ca624fdcfd6ebc

SHA256
5a6fb7710a5e8672272337a010ab505ba0e5cb067f169a8d798ada1048c97bd1

SHA512
a9d4e1b6d36141f8d0434814c40c9f5fb2e1521d7e3ec1d2263acf98cf3d52b4fb21b5bada4f841f8050022ba2404291ac14fae2167d7e2607e065923e26d9ac

Download Submit
\Users\Admin\AppData\Local\Temp\nso45F7.tmp\pwgen.dll

Filesize
16KB

MD5
a555472395178ac8c733d90928e05017

SHA1
f44b192d66473f01a6540aaec4b6c9ac4c611d35

SHA256
82ae08fced4a1f9a7df123634da5f4cb12af4593a006bef421a54739a2cbd44e

SHA512
e6d87b030c45c655d93b2e76d7437ad900df5da2475dd2e6e28b6c872040491e80f540b00b6091d16bc8410bd58a1e82c62ee1b17193ef8500a153d4474bb80a

Download Submit
memory/2680-39-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2680-45-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download
memory/2680-44-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download
memory/2680-43-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download
memory/2680-46-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download
memory/2680-47-0x0000000020EC0000-0x0000000021666000-memory.dmp

Filesize
7.6MB

Download
memory/2680-53-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2680-42-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download
memory/2680-41-0x000007FEF5FD0000-0x000007FEF696D000-memory.dmp

Filesize
9.6MB

Download
memory/2680-40-0x0000000000B80000-0x0000000000C00000-memory.dmp

Filesize
512KB

Download