6581f19671beaa14bfabf462edcbfadbb294c719b972ac9c45407ed7cb80f59a

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 01:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe
Size

3.1MB
MD5

61364a6fe5efd106c01a7c36ba09abb7
SHA1

90022820444fb45fc831513b51c5f6adaf092307
SHA256

0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf
SHA512

33b82aebe4d1a03f8703d4b4618c2dc7e964eba37701b3ba6acfba8cb20f43eb11c5bbde17cab37e8f364160cee8146102a63609216081cc9b01987cf72e3847
SSDEEP

98304:ystRgLsp8zU/sb5dYLQ5gDxyhQokALsRXzppn:ywgLuz/sb5fyUKJcsN

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2352	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28
PID 2208 wrote to memory of 2352	2208	0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe	28

C:\Users\Admin\AppData\Local\Temp\0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe
"C:\Users\Admin\AppData\Local\Temp\0a8839b793adedb6f3b7882cd3ff2aca653b29aefe4091969bceffae430b6eaf.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" SJLNH.u /S
  2⤵
  - Loads dropped DLL
  PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\SJLNH.u

Filesize
2.5MB

MD5
8c020ef7a3fb68c7adde46c9d784b109

SHA1
4236297bbc983e21358873ea63ba22f91d95b342

SHA256
8c5fb9918b8f524fd8c3c7dec99f848c96a7ac4155d0a33f64530c476c9bdda0

SHA512
2d841485a777c4657e8115a4262b9bba1d335f40d8eda671e5b20481d41811c653779d828feb4f029e4153d364e8bc46dc02c363a72cf639c2e069a1f707783e

Download Submit
\Users\Admin\AppData\Local\Temp\SJLnH.u

Filesize
2.0MB

MD5
de9e0a5be6fe0b3344e53cb9c55be1c6

SHA1
9ad4e6745f9e7900aaa50621f5aac74f9e624dd7

SHA256
6a536c471957916cc58b012d5eb537cb8124ab6e31744afee708aaf26b9dbd8c

SHA512
74db68f9818c2e41e358d22204b2f6f809590903454b2825d470a2fc578dd76933f47c6dcec7e573c09e769dc0d7ab0c00c6c9f0c7f32272224c3d09123ddab9

Download Submit
memory/2352-5-0x0000000010000000-0x0000000010300000-memory.dmp

Filesize
3.0MB

Download
memory/2352-4-0x00000000001A0000-0x00000000001A6000-memory.dmp

Filesize
24KB

Download
memory/2352-8-0x00000000023D0000-0x0000000002508000-memory.dmp

Filesize
1.2MB

Download
memory/2352-9-0x0000000002270000-0x0000000002389000-memory.dmp

Filesize
1.1MB

Download
memory/2352-10-0x0000000002270000-0x0000000002389000-memory.dmp

Filesize
1.1MB

Download
memory/2352-12-0x0000000002270000-0x0000000002389000-memory.dmp

Filesize
1.1MB

Download
memory/2352-13-0x0000000010000000-0x0000000010300000-memory.dmp

Filesize
3.0MB

Download
memory/2352-15-0x0000000002270000-0x0000000002389000-memory.dmp

Filesize
1.1MB

Download
memory/2352-16-0x0000000002930000-0x0000000003A14000-memory.dmp

Filesize
16.9MB

Download
memory/2352-18-0x0000000003A20000-0x0000000003B2B000-memory.dmp

Filesize
1.0MB

Download
memory/2352-19-0x0000000003B30000-0x0000000003C47000-memory.dmp

Filesize
1.1MB

Download
memory/2352-22-0x0000000003B30000-0x0000000003C47000-memory.dmp

Filesize
1.1MB

Download
memory/2352-23-0x00000000000B0000-0x00000000000C1000-memory.dmp

Filesize
68KB

Download
memory/2352-24-0x00000000530F0000-0x0000000053141000-memory.dmp

Filesize
324KB

Download