4955bc35bd8cf8d1f0b6766923067e21d1f71102ae0977c22ac2634f1d0724a3

Resubmissions

04/01/2024, 15:37

240104-s2ggsaehc5 5

04/01/2024, 14:49

240104-r64mfaabhp 4

Analysis

max time kernel
121s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04/01/2024, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Wacom-SigCaptX-1.25.4.exe
Size

33.0MB
MD5

4a3b9b058ac6f9ec6ee9625ccdb137da
SHA1

d30fab9705d266ee036f26a69cb59c8c861beaf6
SHA256

4955bc35bd8cf8d1f0b6766923067e21d1f71102ae0977c22ac2634f1d0724a3
SHA512

89875f147c800c5539848923c221a6c3c24fc11fa10e94d0a2af7edd7cdf3de60b7957c942f3d619a87506cc34e39821d7881b3514209bb7074f86f230331929
SSDEEP

786432:xipX9HL2vwZ17n1+d2iJSxKVyrl1gD+vZh8AkY1E+P50C+pVjWUlA5dii:QpX9HL2IZ1z1yVVy/gQ+AkY1EEx5ci

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Executes dropped EXE 1 IoCs

pid	Process
2424	Wacom-SigCaptX-1.25.4.exe

Loads dropped DLL 2 IoCs

pid	Process
2056	Wacom-SigCaptX-1.25.4.exe
2424	Wacom-SigCaptX-1.25.4.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23
PID 2056 wrote to memory of 2424	2056	Wacom-SigCaptX-1.25.4.exe	23

C:\Users\Admin\AppData\Local\Temp\Wacom-SigCaptX-1.25.4.exe
"C:\Users\Admin\AppData\Local\Temp\Wacom-SigCaptX-1.25.4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2056
- C:\Windows\Temp\{F8DCED6F-D466-464C-8C22-3AB8A7111DB9}\.cr\Wacom-SigCaptX-1.25.4.exe
  "C:\Windows\Temp\{F8DCED6F-D466-464C-8C22-3AB8A7111DB9}\.cr\Wacom-SigCaptX-1.25.4.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\Wacom-SigCaptX-1.25.4.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{7E217E03-05A2-4D5F-B408-FA2A26D4B01E}\.ba\logo.png

Filesize
5KB

MD5
b8b8bae8d8546f951ad926ea3b12224d

SHA1
647928354b1efc5410a83a7bae973103fd3bddbd

SHA256
246c5d045e9eaed20aad45227ecb8825ec9040801bd11cab3f242b3be08e1612

SHA512
5f090b27a0e8d6e5bc66c6362027d194076d0274ed81adf8b74b557e767bf2d071a16f9af1d86d74175798656c06bc27e8026e0fe3d378e44d59cb6585a2715b

Download Submit
C:\Windows\Temp\{F8DCED6F-D466-464C-8C22-3AB8A7111DB9}\.cr\Wacom-SigCaptX-1.25.4.exe

Filesize
92KB

MD5
9b5f5e28ad7223604c70f41fddace572

SHA1
6138403b3c8f1148bb96c8a58a7755a046c94f34

SHA256
5336dc6ead4ddfcaa53883a0c9bd62f11f721cc015deb4340b78ea9ffc681413

SHA512
b21183f02515abc04528b48256ce4fb48990e41359d718f359c3c64575e4d338a8316642dc2516183e189752887bb330eb030352e33e810a43a50ae2d952f892

Download Submit
\Windows\Temp\{7E217E03-05A2-4D5F-B408-FA2A26D4B01E}\.ba\wixstdba.dll

Filesize
92KB

MD5
470dbfa39f3cb2be18cb0a04d9b5e8d3

SHA1
6a32f43fe8307b39abb0fbde7fcfc486ae93181e

SHA256
590ae22b1bd311e4354b3246ae7c1fb04e276aa20de839e0a8096aa891a931c2

SHA512
2ef168ac36b585ac1b6714aa25c0fe1f5dfb0ea3fa5a540fe930152db8d34937cb41432dee9616bcd428879312dbcd3f09118ea315c0b97c461946bd236500c4

Download Submit
\Windows\Temp\{F8DCED6F-D466-464C-8C22-3AB8A7111DB9}\.cr\Wacom-SigCaptX-1.25.4.exe

Filesize
101KB

MD5
a6d2d60d32b7dda45463d14cb71fea36

SHA1
dc5deb34be20664eade7da847500d4b386b42d43

SHA256
d929cadef1efc969bb9fe149505fca904da46e399f9c770e5b038032ab0c21bd

SHA512
763fe307f75b1418339c9763053ab2828bf68ee772c8dc934a3813d073e03cd43077bd42c21ad37462de15223d4b331fc748a6cf53a7b5b5e9ead95b8ccae4a5

Download Submit