ec514956a3205edb1563469b186ab9f84149bd511e66537fcdf235bdb97d09f6

Analysis

max time kernel
150s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11-01-2024 15:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

53e1fadebd2380f5bf8e978805cb5894.exe
Size

75KB
MD5

53e1fadebd2380f5bf8e978805cb5894
SHA1

1c680a822abaaf3a51920784817b5952e6cac7e3
SHA256

ec514956a3205edb1563469b186ab9f84149bd511e66537fcdf235bdb97d09f6
SHA512

f97bb9753fe1c82cc7c3a9b093d571c815618c9b6ee9805de7f4152a1329e863c556d6aae47839525a45fd501daf00bdc095d01efa85f7a56adc1fd4b473a8ce
SSDEEP

1536:M3isq3QFioUa9+b1tFhHDtJk+Px9zMNkXV/3CsOaNo:HMl41P3Jk+Px9zMCXQaNo

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3476	53e1fadebd2380f5bf8e978805cb5894.exe.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\TabTip.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javac.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\javapackager.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jcmd.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\wsimport.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\mip.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\createdump.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\javac.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\javaw.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jdb.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\keytool.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\javadoc.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\idlj.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\keytool.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\orbd.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\rmiregistry.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\javaws.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\native2ascii.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\ktab.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\policytool.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\wsimport.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jhat.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jar.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\extcheck.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jps.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jstat.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\createdump.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\notification_helper.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jdeps.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\pack200.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\unpack200.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\7-Zip\7zG.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\7-Zip\Uninstall.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\jjs.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Java\jdk-1.8\bin\xjc.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\jre\bin\javacpl.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File opened for modification	\??\c:\Program Files\Internet Explorer\ieinstal.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	53e1fadebd2380f5bf8e978805cb5894.exe
File created	\??\c:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	53e1fadebd2380f5bf8e978805cb5894.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\system\svchost.exe	53e1fadebd2380f5bf8e978805cb5894.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 3476	2600	53e1fadebd2380f5bf8e978805cb5894.exe	91
PID 2600 wrote to memory of 3476	2600	53e1fadebd2380f5bf8e978805cb5894.exe	91
PID 2600 wrote to memory of 3476	2600	53e1fadebd2380f5bf8e978805cb5894.exe	91
PID 2600 wrote to memory of 1768	2600	53e1fadebd2380f5bf8e978805cb5894.exe	89
PID 2600 wrote to memory of 1768	2600	53e1fadebd2380f5bf8e978805cb5894.exe	89
PID 2600 wrote to memory of 1768	2600	53e1fadebd2380f5bf8e978805cb5894.exe	89

C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe
"C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\reg.exe
  reg add "hkcu\Software\Microsoft\Windows NT\CurrentVersion\Windows" /v "load" /t reg_sz /d "C:\Windows\system\svchost.exe" /f
  2⤵
  PID:1768
- C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe
  C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe
  2⤵
  - Executes dropped EXE
  PID:3476

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\53e1fadebd2380f5bf8e978805cb5894.exe.exe

Filesize
25KB

MD5
20302bdd9014907685cb8a480534e509

SHA1
02a9e9b31f6947541374690a52dcfb77a7098a85

SHA256
e97942c4844f95818c3a4f6a7997e1b1583459a257fea32b73bb0868530bfe43

SHA512
3b4360e40eff478b6eef9ee0dde032e348e4c32a27a2048d1a4c8c0dfce68389dbd031e96af37edf2d9411a70bfe166e55e26a25b633b62f7e42467c923f286f

Download Submit
C:\odt\office2016setup.exe

Filesize
497KB

MD5
7510662673e68ee942197f03b393c943

SHA1
01594042050f53e34124ff0a90f5e846fbf12de2

SHA256
5fa57b8480c0a4f2178efa47f0ce60bb3ca604cab4238025dc122723a43273ab

SHA512
77c9ae46ae0ccd2bac5cfe86be770fc23d330c9236054e340a550ae0e9f99a9b342f62956f5b645c90977f1a141be9351f6581165e0779958b8dec40e1b438cb

Download Submit
memory/2600-4667-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4692-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4568-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4594-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4617-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4646-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4509-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4539-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4713-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4734-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4755-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4772-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4793-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/2600-4814-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads