Overview

overview

7

Static

static

3

16bcc082ed...58.exe

windows7-x64

7

16bcc082ed...58.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20231215-en
  • resource tags

    arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
  • submitted
    30/12/2023, 11:05

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    16bcc082eda1c8221b791a4d47f31758.exe

  • Size

    418KB

  • MD5

    16bcc082eda1c8221b791a4d47f31758

  • SHA1

    c818ab18b034652a086a80b32f7cb430fa934acd

  • SHA256

    66e92baf8dd8c64fbffe1353b713d2b9b0d5986d66caada66f65379889510104

  • SHA512

    f2db83f51e6fcba8c43770e326cf2aa429e169e67d879c163998264b709c9d39743951875968bbdcf227a774a7896e1f063f38303de57ccb60ea3c2ac809a08a

  • SSDEEP

    12288:UJ1BIyL8J/vvFVtcOOc3G/NdWxCS3G4EnaT9jgiy:ULk/ZSWxCS24EnaTJg

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 10 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\16bcc082eda1c8221b791a4d47f31758.exe
    "C:\Users\Admin\AppData\Local\Temp\16bcc082eda1c8221b791a4d47f31758.exe"
    1⤵
    • Drops startup file
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    PID:2432

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          344B

          MD5

          ad1897201b2f8ab8938044b640a968e1

          SHA1

          c0c87e3334f9d7b5bb5783f9e1d03ca22f14ed05

          SHA256

          9c21572312c87b044c22b3e550caa45f0c6306bb935d102d94c8800e0fc6353d

          SHA512

          7ab29387eb3a01ca655583f39cf54277c8f74ffb5260ac4f5174332a1de7498e82cb953a87b598a70f73d7f8ee0fe5c22d230b5f140b4e101de30eeeb3bcd933

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Cab7570.tmp
          Filesize

          65KB

          MD5

          ac05d27423a85adc1622c714f2cb6184

          SHA1

          b0fe2b1abddb97837ea0195be70ab2ff14d43198

          SHA256

          c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

          SHA512

          6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\Tar764E.tmp
          Filesize

          171KB

          MD5

          9c0c641c06238516f27941aa1166d427

          SHA1

          64cd549fb8cf014fcd9312aa7a5b023847b6c977

          SHA256

          4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

          SHA512

          936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

          Download Submit

        • \ProgramData\Microsoft Network\System.exe
          Filesize

          418KB

          MD5

          16bcc082eda1c8221b791a4d47f31758

          SHA1

          c818ab18b034652a086a80b32f7cb430fa934acd

          SHA256

          66e92baf8dd8c64fbffe1353b713d2b9b0d5986d66caada66f65379889510104

          SHA512

          f2db83f51e6fcba8c43770e326cf2aa429e169e67d879c163998264b709c9d39743951875968bbdcf227a774a7896e1f063f38303de57ccb60ea3c2ac809a08a

          Download Submit