998a9ec980103557b8d5dd8712daf5f9c9c349d22b63fb2f6a1cb0f86232ce9c

Analysis

max time kernel
161s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe
Size

3.6MB
MD5

72b5dabb54b8e5670356196f7acb1451
SHA1

b276e1f3adef604c3c3a3ef81b85cc1eef5eda8e
SHA256

9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7
SHA512

66e769bdf04a92a23c616184b5f5fe5bbb060f9749a4e62d571835286fa5d7d1025d6be0be4387f2d3e2deca44155a8dd5e814ba8d20ab55985beba7fa509423
SSDEEP

98304:TWMpvfckkBJM/tBFENRK+pvpIpW1afQtU1/a:TWMpvfpq2BELKmvYo

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3664	install.exe

Loads dropped DLL 2 IoCs

pid	Process
3664	install.exe
3664	install.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 3664	2364	9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe	91
PID 2364 wrote to memory of 3664	2364	9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe	91
PID 2364 wrote to memory of 3664	2364	9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe	91

C:\Users\Admin\AppData\Local\Temp\9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe
"C:\Users\Admin\AppData\Local\Temp\9ca38a30ab317120dd0f0d2c6c5a1edd04259cf63269c7121707c9bc70f239d7.exe"
1⤵
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3664

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eula.1033.txt

Filesize
14KB

MD5
0bf757a9b434139aeeb7efe413b0e60e

SHA1
fb70177080ff59dd1946107b632cd848d1761130

SHA256
cae6d6b3ce31613a6578471552933f4b8b7cef223f7c2b98efcb4bee97b34cfa

SHA512
17830dd34b1a4425492c3a93d4e2b852cfc5b6ad5b51692201471b7e3bc9e3e945a77364f93fc0b6abb5767fa2884b3461e08cb05d5cd23ae6ed300ea1d4d11d

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\globdata.ini

Filesize
1KB

MD5
92a9351b7484149869a777d840b3d828

SHA1
76272f9700ddaae97dd2001cc17566d1464e5366

SHA256
c23095bfba5d9a895b484f4923c134335c03345cd24709cc7d269ca45e51f2a0

SHA512
654945e2a4e2a107c94274fe7811ebb23f2389c8c248cd980ff446f60d686768a2e2c876609bb23130072102547df5c75d039809e6149d5c99409d1d19d0d1bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.exe

Filesize
177KB

MD5
c952c0e7067cf565f625a5c0f5cbbcd5

SHA1
3feb8e8a88a0999d2b9531a31d67ebb23802448c

SHA256
463ac390c53885ca5123d272a90a64ae361bec00fd997d2cb578170ea9e8f4e3

SHA512
d6cbdc5ecf8692d0b352a15d1edb848fda3b3882e7f60d76b7cec4cb2906dc65c62d1c2c090e186aacb79210d5f823e3e1c775dfe65eefa5d5e28e5d4ab7fd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.exe

Filesize
382KB

MD5
164e781f5ac884f6b1be24ba2ed64489

SHA1
3af275164f837d6e12e0588fea34ef528afa20bd

SHA256
a55cf1d3ea8afbfc6c46a470699ee899cf328e7d00bef2fb2168ef2ce4d54677

SHA512
8916c31bb62bde3dfed52b10b6357e6372c2f7cb502134a16fb24c1cf469aa5628db05ccb4117d385e24e95e91a871ffefb4db5e53d830524cde898e7bae2aa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.ini

Filesize
4KB

MD5
d04d2351f1d4428584f14799117878cd

SHA1
0ce431f96a13305884739567d49792bf9a5ab4f4

SHA256
914b8dc9cc5fc6782cbac33d2825df9a749fb9ae1ec7fd6f14989c3b3f9d22fb

SHA512
8d2f2a09e724f027a877d19025f1ab4449c2b41496c573881d321de68c59986b32f6a2911c1be1531d0a3fef31598ef436d25dff4a9f6ed15230f7e70f133def

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\install.res.1033.dll

Filesize
79KB

MD5
106aae09947bac0b6ee222a4406a39e1

SHA1
c0d69473c175b30bf49634b3af1cfafe48a088fd

SHA256
8cf095078bcac57a880b19d6211d075e081fefd4de679c3433a17ed8a29aef3b

SHA512
aa37be1745aca1e94a3c738d46f80b236c68053f3ae4b73f210075ce059840b81cfc8e1265f67d93762f0d8270cf2fdc3bcf7ab2ffb782fb29a1e761c2f26ec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\jsredist.msi

Filesize
41KB

MD5
1197c3f91aecc561456bcf8ff065f823

SHA1
4bc4478cace769c17d64dfcc32f70513f7c0089d

SHA256
066a7de018eff3c09494b022f9b74a2bfe44bc0128bff4515cfcf1aef8297804

SHA512
a6f36e19af6606890aead62a7b5758dad0095c32d8cf1cbe2b4a1365ead53fe81c3f894ed4b26be035a613df69591c375915a4ee9cbe35e2ffa94f3130eea1e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vjredist.bmp

Filesize
5KB

MD5
06fba95313f26e300917c6cea4480890

SHA1
31beee44776f114078fc403e405eaa5936c4bc3b

SHA256
594884a8006e24ad5b1578cd7c75aca21171bb079ebdc4f6518905bcf2237ba1

SHA512
7dca0f1ab5d3fd1ac8755142a7ca4d085bb0c2f12a7272e56159dadfa22da79ec8261815be71b9f5e7c32f6e8121ecb2443060f7db76feaf01eb193200e67dfd

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vjscustom.1033.dll

Filesize
41KB

MD5
b4fac2c09096b4875e2617a1efd2a918

SHA1
09d03358a3c15ca85bd58fdb915a2ae3bb8e723d

SHA256
c6d87e314fa5246941891889afbb0fbd9976978e993f367e61daab42018a7f57

SHA512
727deedc706fc252cffd3784d7f9b02e3f4a5b80b98bfad85450307ee517776ac1468f14f7bcad9d35543e3e30f26bf0d252471afba34cc1e88970dfd3ad0400

Download Submit
memory/3664-87-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download
memory/3664-93-0x00000000023C0000-0x00000000023C1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads