62fa979c83782843225c7a0d0f0aa695bae2bf29df295a83d4d0eb071d56a61d

Analysis

max time kernel
0s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2024 10:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

x86_x64_setup.exe
Size

2.5MB
MD5

743e92349fa4e70b5d34bd9be733b41c
SHA1

a1b82c3d1be61ba56e448a819990584df70a2fb4
SHA256

486a9c9cdb67b95932d7e7deda2cdea44621c2b3f407f1206c1f3ce3766850ec
SHA512

753a6314fcfa83302062e08d5704411234e321ff3eaf14ed92964576229491448e6960569c35c135fced32a80bdb65657343c08b8b1227d742377917052f0db5
SSDEEP

49152:EgXyw1i3r1pIbtMja//3W6wNG3Ja0NDuYS5pwybSUZgBffTVSX:JXy3IbtMjalwy1N6YSnXZgB3Jq

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
13	ipinfo.io
14	ipinfo.io

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 4 IoCs

pid	pid_target	Process	procid_target
1780	4400	WerFault.exe
4584	4348	WerFault.exe	44
804	3876	WerFault.exe	41
4764	3932	WerFault.exe	33

C:\Users\Admin\AppData\Local\Temp\x86_x64_setup.exe
"C:\Users\Admin\AppData\Local\Temp\x86_x64_setup.exe"
1⤵
PID:1504
- C:\Users\Admin\AppData\Local\Temp\setup_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\setup_installer.exe"
  2⤵
  PID:208
- - C:\Users\Admin\AppData\Local\Temp\7zS0D096717\setup_install.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS0D096717\setup_install.exe"
    3⤵
    PID:4400

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_7.exe
1⤵
PID:4452
- C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_7.exe
  sahiba_7.exe
  2⤵
  PID:4040

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_3.exe
sahiba_3.exe
1⤵
PID:3932
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 1164
  2⤵
  - Program crash
  PID:4764

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_4.exe
sahiba_4.exe
1⤵
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4400 -ip 4400
1⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 472
1⤵
- Program crash
PID:1780

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_6.exe
sahiba_6.exe
1⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_2.exe
sahiba_2.exe
1⤵
PID:3876
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 384
  2⤵
  - Program crash
  PID:804

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_1.exe
sahiba_1.exe
1⤵
PID:4932
- C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_1.exe
  "C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_1.exe" -a
  2⤵
  PID:804

C:\Windows\SysWOW64\rundll32.exe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
1⤵
PID:4348
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 608
  2⤵
  - Program crash
  PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 4348 -ip 4348
1⤵
PID:4928

C:\Windows\system32\rUNdlL32.eXe
rUNdlL32.eXe "C:\Users\Admin\AppData\Local\Temp\axhub.dll",main
1⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\7zS0D096717\sahiba_5.exe
sahiba_5.exe
1⤵
PID:2744

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_6.exe
1⤵
PID:1008

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_5.exe
1⤵
PID:1608

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_4.exe
1⤵
PID:2912

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_3.exe
1⤵
PID:3076

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_2.exe
1⤵
PID:2968

C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe /c sahiba_1.exe
1⤵
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 3876 -ip 3876
1⤵
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 3932 -ip 3932
1⤵
PID:1780

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\setup_installer.exe

Filesize
92KB

MD5
305c00c540e5c010533765562d65c13e

SHA1
aacc016e7852e78e73a26cc19e6aca30b4a1161a

SHA256
bf1a789cc4befb3927cf39258e6111b2bbb8720b8e8d811daefdcd6a45500b4a

SHA512
b1b86d6d8d62f8f7a9c12902da86ba54a651094360101810f6fb68937531caed8ac09973462cc9f20f0381da1b634049fb6ca0f6c5b74b57fae2c74bece7867a

Download Submit
C:\Users\Admin\AppData\Roaming\bbigdgh

Filesize
192KB

MD5
01a6adc45c5f02ca2b394f7caa8f7e19

SHA1
88d8ce1fab3cac042da4b9ec721dfddfddafc21c

SHA256
e4940ec298b1a9e056dd08d6a29d1f4002e6fed328c2f1c2e7bce50b602dced0

SHA512
baa18b8470ec824cb93abc96c2c5bd40b45b143649f299fb1d45a6186a3e96ae32dffc3eb00d576cbc02d759e4f954811916899544e7918dce928b5016200f02

Download Submit
memory/2744-96-0x00000000012A0000-0x00000000012A6000-memory.dmp

Filesize
24KB

Download
memory/2744-146-0x00007FF913BB0000-0x00007FF914671000-memory.dmp

Filesize
10.8MB

Download
memory/2744-102-0x000000001BBD0000-0x000000001BBE0000-memory.dmp

Filesize
64KB

Download
memory/2744-130-0x00007FF913BB0000-0x00007FF914671000-memory.dmp

Filesize
10.8MB

Download
memory/2744-91-0x0000000000CD0000-0x0000000000D02000-memory.dmp

Filesize
200KB

Download
memory/2744-99-0x0000000001540000-0x0000000001546000-memory.dmp

Filesize
24KB

Download
memory/2744-94-0x00007FF913BB0000-0x00007FF914671000-memory.dmp

Filesize
10.8MB

Download
memory/2744-98-0x00000000014B0000-0x00000000014D6000-memory.dmp

Filesize
152KB

Download
memory/3468-95-0x00007FF913BB0000-0x00007FF914671000-memory.dmp

Filesize
10.8MB

Download
memory/3468-97-0x000000001B940000-0x000000001B950000-memory.dmp

Filesize
64KB

Download
memory/3468-93-0x0000000000E80000-0x0000000000E88000-memory.dmp

Filesize
32KB

Download
memory/3468-143-0x00007FF913BB0000-0x00007FF914671000-memory.dmp

Filesize
10.8MB

Download
memory/3468-144-0x000000001B940000-0x000000001B950000-memory.dmp

Filesize
64KB

Download
memory/3476-126-0x0000000002CF0000-0x0000000002D05000-memory.dmp

Filesize
84KB

Download
memory/3876-118-0x0000000000400000-0x00000000009AB000-memory.dmp

Filesize
5.7MB

Download
memory/3876-129-0x0000000000400000-0x00000000009AB000-memory.dmp

Filesize
5.7MB

Download
memory/3876-110-0x0000000000A00000-0x0000000000B00000-memory.dmp

Filesize
1024KB

Download
memory/3876-111-0x00000000009F0000-0x00000000009F9000-memory.dmp

Filesize
36KB

Download
memory/3932-100-0x0000000000BC0000-0x0000000000CC0000-memory.dmp

Filesize
1024KB

Download
memory/3932-142-0x0000000002660000-0x00000000026FD000-memory.dmp

Filesize
628KB

Download
memory/3932-137-0x0000000000400000-0x0000000000A0C000-memory.dmp

Filesize
6.0MB

Download
memory/3932-101-0x0000000002660000-0x00000000026FD000-memory.dmp

Filesize
628KB

Download
memory/3932-103-0x0000000000400000-0x0000000000A0C000-memory.dmp

Filesize
6.0MB

Download
memory/4040-125-0x0000000002AC0000-0x0000000002B2E000-memory.dmp

Filesize
440KB

Download
memory/4400-66-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-61-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/4400-75-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-74-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-72-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-71-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-70-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-69-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/4400-67-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-119-0x000000006EB40000-0x000000006EB63000-memory.dmp

Filesize
140KB

Download
memory/4400-65-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-64-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-63-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/4400-113-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/4400-60-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/4400-59-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-51-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/4400-109-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-120-0x000000006FE40000-0x000000006FFC6000-memory.dmp

Filesize
1.5MB

Download
memory/4400-73-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download
memory/4400-112-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/4400-121-0x000000006B440000-0x000000006B4CF000-memory.dmp

Filesize
572KB

Download
memory/4400-68-0x000000006B280000-0x000000006B2A6000-memory.dmp

Filesize
152KB

Download
memory/4400-62-0x0000000064940000-0x0000000064959000-memory.dmp

Filesize
100KB

Download
memory/4400-58-0x0000000000F40000-0x0000000000FCF000-memory.dmp

Filesize
572KB

Download
memory/4400-44-0x0000000000400000-0x000000000051E000-memory.dmp

Filesize
1.1MB

Download