94ac35df1420a09c41a5b86941e139510c087dcb8cf81d95ac037347f25ff38e

Analysis

max time kernel
146s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 02:55

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

DiskMonitor.exe
Size

12.1MB
MD5

8249d12a9921b49353df04e9d2b26f4d
SHA1

f51958c086d98efbee909daeda388254503d4c42
SHA256

23d2ce6112c0bac121d64e23076bfde5863c8bc5e8bae6699cc2e46fd843a051
SHA512

f821c78bd73d51ff7f972ade7976ec5bdffdd25bd6627a6fa0c3936a4df328d40fa835f49c939d73442e15e8633becfb332a1540590970fa7f73e46fb33c1683
SSDEEP

196608:u4kaL56QT7krLyYOt6j1gUfhcZd1e3S8gJvXZJSKPICl9rIWrkbfBdHBzC6AV:u4zz7kny9Yj1g56S8qXDR/oldHBu6AV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
7516	ISBEW64.exe

Loads dropped DLL 8 IoCs

pid	Process
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe
1648	DiskMonitor.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 7516	1648	DiskMonitor.exe	69
PID 1648 wrote to memory of 7516	1648	DiskMonitor.exe	69

C:\Users\Admin\AppData\Local\Temp\DiskMonitor.exe
"C:\Users\Admin\AppData\Local\Temp\DiskMonitor.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Users\Admin\AppData\Local\Temp\{CD106CB2-FA86-4A0B-921D-7B4D619473A3}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{CD106CB2-FA86-4A0B-921D-7B4D619473A3}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{C6C217BC-9A23-477F-8069-E1763A3E5A94}
  2⤵
  - Executes dropped EXE
  PID:7516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\skin53ec.rra

Filesize
23KB

MD5
48435c582b229e89a3cf87d37eef660b

SHA1
49f732627ae3b4eac4ec2042b3e98be1f5747774

SHA256
5f301a9facc4cf15c361f4c81a4f3e2ce6c81cdc3cfe48c9483c16646c469ef6

SHA512
297c1981b9d43e15a912277c239ecb5fca20600523478d158a7c8e45d5858fad7ea2c1ccce45f33df3416239392b56c2bd5f53685369d292335be40e3b189f27

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CD106CB2-FA86-4A0B-921D-7B4D619473A3}\{1C42D474-BDBD-4200-829D-28246879365D}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CD106CB2-FA86-4A0B-921D-7B4D619473A3}\{1C42D474-BDBD-4200-829D-28246879365D}\setup.inx

Filesize
92KB

MD5
cc6397ecc5fea88bdcccfdbd61cbb747

SHA1
4b7e5d3d1f8cccdd01667439eeb1b7672bd8f9ba

SHA256
176e90017c990f72e372bc5bb2f3faba4ef9c08a9239eac82096021277d44e8c

SHA512
da53db1f88b1b9bcaf992f57a3bdb5415c9ace8ead5c9faf011882c44e824ecc4edb195e2a73dc384dead428599e407d2653b918a213bc904966bd7d6ba9e356

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\Disk1\ISSetup.dll

Filesize
321KB

MD5
558a6cc5ecb76c6ae1d7129605e2682a

SHA1
35742f6c512084aca436113ed75a60658494aa37

SHA256
1c7833fdd869e22c1afccadad6e2e5a04cbc9ef4f4c2936f87ccdbc90a5aabb2

SHA512
a65bc9294c2b31ffd9217a2b22e87d760e9afef5c728e4ed796119f34621620d3ca4e74966260f16ad7af361fa30791b70ec41d3b7563a55cb51fc9c47a3d142

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\Disk1\ISSetup.dll

Filesize
528KB

MD5
b608ef92dc54f3b0c0ed6c6d7cecdf57

SHA1
3fbaacaef2329d092e7f164435d9e4e6dccaf673

SHA256
def3f9adceff07193def5b8c8456e44ce21b3083115151af939f48f6d1397fbb

SHA512
4ab1b855fbbf6d316811955f70c3210b8296513755d65fbdca582b4b5faa777a30680cd4c5b0b2012e537ad8675e9e3745cbc4d51b86cd0384c57ba5f56310ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\Disk1\ISSetup.dll

Filesize
193KB

MD5
5641cbc2f3a9a39d4e99e0b142be78ea

SHA1
448ccd77ba12ba9df533d621d88a09be5f62834f

SHA256
4793a5889839e7fa9e87f6ed7debcd9a0b51976399d303b7424f01f335f85e2a

SHA512
8e9af041e841c802d7ced3957caba14d6569b1b55a7143bc1aad058aa8cbfb7c847f4af8e8397361dd50eee71b549d801e1ce1ddf372d5673584a620f4690f26

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\Disk1\setup.isn

Filesize
51KB

MD5
60f54893b6dda691b5bcb9dcc28d7e50

SHA1
aefc394a68a286acece1ea531a784e0627ecfd6a

SHA256
302013cfc50318fb0d03f8938047b29c3012bd60684cef0b26544f6bf5b05355

SHA512
5134267a7df3a86a1960eff76d555df73efa0b017dbb8e94a217ffe630b8704558601f896e2294931f3014c62e0c0514f8d213d1cac8cd3fcd7f45b56ab1c176

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\_Setup.dll

Filesize
144KB

MD5
3dc409b6d3a7b4c92fc37170f151e1e7

SHA1
3a5c0d31309362324fd7e2e674a1889281285024

SHA256
75e47f77c53886685af557867d6e551091b5a1a4c2354f9bf01932802580c9ac

SHA512
ec601dccbf44984ea40aa1152821d0224696a935d15c7f6c79e341577bdd571c5fbc6c496529aee6b6a0e25284b275a1d00e01851c9319ab267cc4cda4a7a22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\{CF64AF27-04E5-4F40-A2F3-39ADEC87869D}\setup.ini

Filesize
497B

MD5
6fe6ca73120a6812c04bfa6a258e3045

SHA1
2408795ce1809abad6eed6012be4ffa8fb46bc84

SHA256
6376ea5609e05955a96a1dd2eb6054aaeac1b38c90eb72d4217efc6dafd148e6

SHA512
3c25ac245e92cae29a4b060886eecc291ca2a636705ad5cbe5e67d52c1ba32fbe60fd8b8dca721020bd8f3f2a3dc6954654088314d8e682095ca72a77b803dba

Download Submit
memory/1648-4927-0x0000000005850000-0x00000000058D7000-memory.dmp

Filesize
540KB

Download
memory/1648-5611-0x0000000005B10000-0x0000000005B75000-memory.dmp

Filesize
404KB

Download
memory/1648-5357-0x0000000002B50000-0x0000000002B52000-memory.dmp

Filesize
8KB

Download
memory/1648-6425-0x0000000005B80000-0x0000000005B82000-memory.dmp

Filesize
8KB

Download
memory/1648-4736-0x0000000005850000-0x00000000058D7000-memory.dmp

Filesize
540KB

Download
memory/1648-266-0x0000000000770000-0x0000000000772000-memory.dmp

Filesize
8KB

Download
memory/1648-83-0x0000000002830000-0x00000000029C1000-memory.dmp

Filesize
1.6MB

Download
memory/1648-46-0x0000000002830000-0x00000000029C1000-memory.dmp

Filesize
1.6MB

Download
memory/1648-9405-0x0000000002830000-0x00000000029C1000-memory.dmp

Filesize
1.6MB

Download
memory/1648-9406-0x0000000005850000-0x00000000058D7000-memory.dmp

Filesize
540KB

Download