23e31ff146a0659837ddd781118460c4140ab4299fed26dd18136e2732363f84

Analysis

max time kernel
117s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31/12/2023, 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2be56e657d9f0f0cec76bacb91d8753f.exe
Size

179KB
MD5

2be56e657d9f0f0cec76bacb91d8753f
SHA1

c54025aab8305cdd1267e5982021c5fecb08f1fe
SHA256

23e31ff146a0659837ddd781118460c4140ab4299fed26dd18136e2732363f84
SHA512

9bbed8345b28c91ca34d6575f8a95b69691d91b95487c30de5ce73c319d6f125242ccb472dfe1fc72ecfb28c59ca1387b3794cf58376fe5bf9904d1d75264009
SSDEEP

3072:yrI1IM63g7LVpZHya2Y9Uh/hnyoqLSBuhgMAQZcEJaFkbBpm6XS/PnFwu1kC:yraH6GL5IZntopAQZBJaifi/Pvb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1912	uwdx.exe

Loads dropped DLL 2 IoCs

pid	Process
2620	2be56e657d9f0f0cec76bacb91d8753f.exe
2620	2be56e657d9f0f0cec76bacb91d8753f.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\uwdx.exe	2be56e657d9f0f0cec76bacb91d8753f.exe
File created	C:\Windows\SysWOW64\ole2.vbs	2be56e657d9f0f0cec76bacb91d8753f.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\debug\SVCH0ST.exe	2be56e657d9f0f0cec76bacb91d8753f.exe
File opened for modification	C:\Windows\debug\SVCH0ST.exe	2be56e657d9f0f0cec76bacb91d8753f.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1912	uwdx.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2620 wrote to memory of 1912	2620	2be56e657d9f0f0cec76bacb91d8753f.exe	28
PID 2620 wrote to memory of 1912	2620	2be56e657d9f0f0cec76bacb91d8753f.exe	28
PID 2620 wrote to memory of 1912	2620	2be56e657d9f0f0cec76bacb91d8753f.exe	28
PID 2620 wrote to memory of 1912	2620	2be56e657d9f0f0cec76bacb91d8753f.exe	28

C:\Users\Admin\AppData\Local\Temp\2be56e657d9f0f0cec76bacb91d8753f.exe
"C:\Users\Admin\AppData\Local\Temp\2be56e657d9f0f0cec76bacb91d8753f.exe"
1⤵
- Loads dropped DLL
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2620
- C:\Windows\SysWOW64\uwdx.exe
  C:\Windows\system32\uwdx.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:1912

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Windows\SysWOW64\uwdx.exe

Filesize
18KB

MD5
ae75ac78b4783bb1141299ddff450cfb

SHA1
cbf7e3e0c1df6c73561d8b35115f99c5da3f70b5

SHA256
f3b9f9f3d5e750be0a31304416f7dc5dfee50e972d59899fdc28e13ec7e41427

SHA512
388a7b62fea1db8686794f7716e4d686815805a6a72116c502743cf39693233686fc083393df3e2bea08e086d244a7130419d1a25669e12d6b5497d4f6b6f0ad

Download Submit
memory/1912-22-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/1912-17-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/1912-16-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download
memory/2620-4-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2620-8-0x0000000000240000-0x000000000024B000-memory.dmp

Filesize
44KB

Download
memory/2620-15-0x0000000000240000-0x000000000024B000-memory.dmp

Filesize
44KB

Download
memory/2620-0-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/2620-2-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/2620-1-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2620-24-0x0000000000400000-0x00000000004A7000-memory.dmp

Filesize
668KB

Download
memory/2620-25-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2620-26-0x0000000000240000-0x000000000024B000-memory.dmp

Filesize
44KB

Download