ffa0a83de105cdc69f4adc8db6d3a3c60d6388ad8a977f7a5f51075244adc9d0

Analysis

max time kernel
2s
max time network
122s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
06-01-2024 20:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a33320347199af40d65eed59dcc2a61.exe
Size

547KB
MD5

7a33320347199af40d65eed59dcc2a61
SHA1

dee1f7559517bd0cad0ce1d177886ea8df17f2a4
SHA256

ffa0a83de105cdc69f4adc8db6d3a3c60d6388ad8a977f7a5f51075244adc9d0
SHA512

c825eb36edca5786e138ea159963dad14236afd8d673b1ee19498fb9d6bcea12788334a982b9587093bcbf20752dfd17183e50a9702c97b51bb2ea46536a3b49
SSDEEP

3072:sPgp5XXRvjxCb5NgXDY7uSlkJcUa7kYQTcqW2NdQQGH/UDhSCUc4aqTBW1pr/:UElKgzelZNQSBQGH/CSpWqTW

Score

6^/10

Malware Config

Signatures

Enumerates connected drives 3 TTPs 10 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\O:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\G:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\I:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\J:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\K:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\L:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\M:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\E:	7a33320347199af40d65eed59dcc2a61.exe
File opened (read-only)	\??\H:	7a33320347199af40d65eed59dcc2a61.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\RCX5BA0.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX575A.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\RCX57EF.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\7-Zip\RCX564F.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpconfig.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\7-Zip\RCX562B.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Media Player\setup_wm.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Journal\PDIALOG.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Internet Explorer\ieinstal.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Java\jre7\bin\java-rmi.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Microsoft Office\Office14\RCX5A7D.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Google\Chrome\Application\chrome.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX5A9F.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Mozilla Firefox\default-browser-agent.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX577A.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Internet Explorer\iediagcmd.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Java\jre7\bin\RCX59EB.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX579C.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\appletviewer.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Mail\wab.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Mail\WinMail.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\RCX5BA1.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\RCX5BB3.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Defender\MSASCui.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\RCX5748.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\RCX59B7.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\RCX5A2D.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Mozilla Firefox\RCX5AC1.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\chrmstp.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Mozilla Firefox\default-browser-agent.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnscfg.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\DVD Maker\DVDMaker.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Windows Mail\wab.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpenc.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Media Player\wmpnetwk.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Media Player\WMPDMC.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\RCX56BF.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\RCX577C.tmp	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Microsoft Games\Chess\RCX5A2C.tmp	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Microsoft Games\Chess\Chess.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Windows Media Player\WMPDMC.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\ink\InkWatson.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLED.cab	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Windows Media Player\wmlaunch.exe	7a33320347199af40d65eed59dcc2a61.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\chrome_pwa_launcher.exe	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Microsoft Office\Office14\MSOHTMED.EXE	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\FlickLearningWizard.cab	7a33320347199af40d65eed59dcc2a61.exe
File created	C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.cab	7a33320347199af40d65eed59dcc2a61.exe

C:\Users\Admin\AppData\Local\Temp\7a33320347199af40d65eed59dcc2a61.exe
"C:\Users\Admin\AppData\Local\Temp\7a33320347199af40d65eed59dcc2a61.exe"
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
PID:2268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\7-Zip\7z.cab

Filesize
92KB

MD5
d1b7eb6d1452348ed30cca4a59229224

SHA1
d96b3a6d42f73c9a6b68392d6adf1b1e14c3062e

SHA256
25a447598b343dddbc19db74be1c8f66a78ddd23e9a4dc6af162079827482b0b

SHA512
2ed32272b98e4038602bd94ed8199dd4c269d8ee7dd69e71c2097e4055714d61ef4468abdf67d535c887353ead87cb4e9cc04f199ae8cb5753505fb2cf964e97

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
92KB

MD5
431780234d2e4ebfd70bd7c0835be1c1

SHA1
f3632d698c8fd917eb177dacfbce6ec6430f3cc2

SHA256
9955d256596721e206b474e861a40e12055f3f4b7a666fbb8ee5ffe678aa3248

SHA512
a3e96d28bcf3b65e6bc3476416f7f3b7fde573e5bf12b102fb020969c9ef72ce55b9a06af4e1e3381fbf7ad8a531e70e9a1a49d7c7025d742e0ba6d341627ebe

Download Submit
memory/2268-0-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download
memory/2268-588-0x0000000000400000-0x000000000048B000-memory.dmp

Filesize
556KB

Download