ef28bd6a6b6b07f4a1dad0d50ecc5eed0d29f2a85a84cd316fd70d7703724f7c

Analysis

max time kernel
215s
max time network
46s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-12-2023 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TelSM320.exe
Size

4.8MB
MD5

b78e230345a0896e4fabca9e740b702f
SHA1

e64dc3a11e3b1abb5d247c646ac3a643fee57261
SHA256

944ff487f4ab8e3b3a0d9004c1b816ac1397783c75a5d82ba665467e4e930066
SHA512

51eb7fd8758873d4dfbfcad5ef7cf97495119d7df1b85f1c932cba8eeb62f9c8d38d92ea4cbbcbf4bed04df27ed81e1a367277d3f75dfc12b473eb7b168c9b87
SSDEEP

98304:3RcxdHsgoWFKYWVAF3vLewmTKKjVCiEREqvlyAchvzGstklI8LZ:asjSKO/LzmTKK13dRUmO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2748	TelSM320.tmp

Loads dropped DLL 4 IoCs

pid	Process
2156	TelSM320.exe
2748	TelSM320.tmp
2748	TelSM320.tmp
2748	TelSM320.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2748	TelSM320.tmp

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 2748	2156	TelSM320.exe	29
PID 2156 wrote to memory of 2748	2156	TelSM320.exe	29
PID 2156 wrote to memory of 2748	2156	TelSM320.exe	29
PID 2156 wrote to memory of 2748	2156	TelSM320.exe	29

C:\Users\Admin\AppData\Local\Temp\TelSM320.exe
"C:\Users\Admin\AppData\Local\Temp\TelSM320.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Users\Admin\AppData\Local\Temp\is-A6942.tmp\TelSM320.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-A6942.tmp\TelSM320.tmp" /SL5="$5015E,4719096,52224,C:\Users\Admin\AppData\Local\Temp\TelSM320.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-A6942.tmp\TelSM320.tmp

Filesize
560KB

MD5
8d2fe0a0d2a837f0c37ead52c580b73a

SHA1
c53918135088351e6da241217fe1d7041b711cd9

SHA256
fffc5db747da1543c131fe7e0882f9a7a943f5e56c5c79c525349b0e43ea59be

SHA512
f790ad2e3a7a7cab3526a2a1237517ca47803bfbcafb6eda9125824f9a4b2f71b05a4fec7138250327ca9ccade7d87851693b957f1615fb3c9b212563a1b8e83

Download Submit
\Users\Admin\AppData\Local\Temp\is-7RO01.tmp\_isetup\_isdecmp.dll

Filesize
13KB

MD5
a813d18268affd4763dde940246dc7e5

SHA1
c7366e1fd925c17cc6068001bd38eaef5b42852f

SHA256
e19781aabe466dd8779cb9c8fa41bbb73375447066bb34e876cf388a6ed63c64

SHA512
b310ed4cd2e94381c00a6a370fcb7cc867ebe425d705b69caaaaffdafbab91f72d357966916053e72e68ecf712f2af7585500c58bb53ec3e1d539179fcb45fb4

Download Submit
\Users\Admin\AppData\Local\Temp\is-7RO01.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
\Users\Admin\AppData\Local\Temp\is-A6942.tmp\TelSM320.tmp

Filesize
660KB

MD5
aa1e9eec51c34d68b3fae2caf4bea3f2

SHA1
ccd2381cff17acbb0adc0c6f409d6df8346c3803

SHA256
2575430608f57e268eb5fc7842aff36bd5506af1d413a02e829920fab72e7e44

SHA512
7ea3747779213df50e3e0b55eae0abb20eeebe20ec8ceb630f8aa93e637889cda7f313c683900748c69e2ee0b66117504fbeee5dbf1ee8e71f096b79b5fa6497

Download Submit
memory/2156-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2156-3-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2156-23-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/2748-10-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2748-11-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2748-24-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/2748-27-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download