8653f040ae2980e5bd44d1c5296196c4ce1bd7cb006300c2947b09641657d1b7

Analysis

max time kernel
141s
max time network
134s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 21:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1cae01077a9b0ff8f371d48c852b34d1.exe
Size

416KB
MD5

1cae01077a9b0ff8f371d48c852b34d1
SHA1

6c70d80d134bfc985ea0609667886b82d919c2cb
SHA256

8653f040ae2980e5bd44d1c5296196c4ce1bd7cb006300c2947b09641657d1b7
SHA512

98ce0766c027378cad9c870d647595ba0a44d3dd70f0a3d74cc0ada0f8175fb269416e25469d680f5c80bd8feba7760edc82c0270d29992e878ea2d8d264a4a9
SSDEEP

6144:Rq2IxUdMS3GG/O1Uzw4bATNhMF7NVwI//PSFtNLnqel2PAihlThr+ldhmqlqr:Rq8MS18IwmMvMFpKI6TNLnyAqh6lyWqr

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync..exe	1cae01077a9b0ff8f371d48c852b34d1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync..exe	1cae01077a9b0ff8f371d48c852b34d1.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe	1cae01077a9b0ff8f371d48c852b34d1.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2180	1cae01077a9b0ff8f371d48c852b34d1.exe

C:\Users\Admin\AppData\Local\Temp\1cae01077a9b0ff8f371d48c852b34d1.exe
"C:\Users\Admin\AppData\Local\Temp\1cae01077a9b0ff8f371d48c852b34d1.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
PID:2180

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2180-0-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2180-1-0x0000000001D00000-0x0000000001D52000-memory.dmp

Filesize
328KB

Download
memory/2180-2-0x0000000001FF0000-0x0000000001FF1000-memory.dmp

Filesize
4KB

Download
memory/2180-12-0x0000000003330000-0x0000000003331000-memory.dmp

Filesize
4KB

Download
memory/2180-11-0x0000000003320000-0x0000000003322000-memory.dmp

Filesize
8KB

Download
memory/2180-10-0x0000000001FA0000-0x0000000001FA1000-memory.dmp

Filesize
4KB

Download
memory/2180-9-0x0000000001FC0000-0x0000000001FC1000-memory.dmp

Filesize
4KB

Download
memory/2180-8-0x0000000001FB0000-0x0000000001FB1000-memory.dmp

Filesize
4KB

Download
memory/2180-7-0x0000000001FD0000-0x0000000001FD1000-memory.dmp

Filesize
4KB

Download
memory/2180-6-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/2180-5-0x0000000002010000-0x0000000002011000-memory.dmp

Filesize
4KB

Download
memory/2180-4-0x0000000001F80000-0x0000000001F81000-memory.dmp

Filesize
4KB

Download
memory/2180-3-0x0000000001FE0000-0x0000000001FE1000-memory.dmp

Filesize
4KB

Download
memory/2180-13-0x0000000003310000-0x0000000003314000-memory.dmp

Filesize
16KB

Download
memory/2180-14-0x0000000003390000-0x00000000033D0000-memory.dmp

Filesize
256KB

Download
memory/2180-15-0x0000000003390000-0x00000000033D0000-memory.dmp

Filesize
256KB

Download
memory/2180-17-0x0000000003380000-0x0000000003381000-memory.dmp

Filesize
4KB

Download
memory/2180-16-0x0000000003370000-0x0000000003371000-memory.dmp

Filesize
4KB

Download
memory/2180-18-0x0000000000240000-0x0000000000241000-memory.dmp

Filesize
4KB

Download
memory/2180-19-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2180-20-0x0000000003360000-0x0000000003361000-memory.dmp

Filesize
4KB

Download
memory/2180-21-0x0000000003350000-0x0000000003351000-memory.dmp

Filesize
4KB

Download
memory/2180-22-0x0000000003340000-0x0000000003341000-memory.dmp

Filesize
4KB

Download
memory/2180-23-0x0000000000400000-0x000000000047F000-memory.dmp

Filesize
508KB

Download
memory/2180-24-0x0000000001D00000-0x0000000001D52000-memory.dmp

Filesize
328KB

Download