e08b587ba588a410c01dd5f1220f1121a2ebb11408815fc9ebc8aee9ff392414

Analysis

max time kernel
140s
max time network
118s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CAMS_V2009.8.2.exe
Size

4.2MB
MD5

3283c97523f2296c4a35ffee2803ddc3
SHA1

fc914ded3a0dd9deee4105da998279ba192cc5c3
SHA256

6e567e345ce71d593f35bd4869117d0e31ee585e912e9c36430e79db25bb109a
SHA512

a21739026c97f2df9b9191588f2135b3d6eae498a7e7c3754344d658ebc79779ce52199d531b3efbe76287cef8ffb1f7e823b5e4154583e6081c7eafbc6f911b
SSDEEP

98304:z1ow1bAsELqIwdcq9KbDjA6DZIKvk1kB18:z1KsELBFRDjA6OKEkB18

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2648	ISBEW64.exe

Loads dropped DLL 6 IoCs

pid	Process
2288	CAMS_V2009.8.2.exe
2288	CAMS_V2009.8.2.exe
2288	CAMS_V2009.8.2.exe
2288	CAMS_V2009.8.2.exe
2288	CAMS_V2009.8.2.exe
2288	CAMS_V2009.8.2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2288	CAMS_V2009.8.2.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2648	2288	CAMS_V2009.8.2.exe	28
PID 2288 wrote to memory of 2648	2288	CAMS_V2009.8.2.exe	28
PID 2288 wrote to memory of 2648	2288	CAMS_V2009.8.2.exe	28
PID 2288 wrote to memory of 2648	2288	CAMS_V2009.8.2.exe	28

C:\Users\Admin\AppData\Local\Temp\CAMS_V2009.8.2.exe
"C:\Users\Admin\AppData\Local\Temp\CAMS_V2009.8.2.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{1CB2BB2E-DA46-4BC9-B87E-C0217031BA18}
  2⤵
  - Executes dropped EXE
  PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\ISBEW64.exe

Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\VASData.ini

Filesize
30B

MD5
b16ff78e4420d4049da82fffe3026d31

SHA1
612be1fde59d3d4534a4d8e0947b65060ed6146b

SHA256
029f695d7a558a0070bdb42c07d35c7ae436fbd0688079b7ada58093505d9579

SHA512
8042f5a1f12ef644b7def42c52c90a252ff4a6c099956530cff8147daf2edd8934f5bc79bb560f550d47755fead71a1d0fbe7d52fdc0fb30a0ad64471beaaf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\_IsRes.dll

Filesize
268KB

MD5
19ec9900c36f2dcfb95086619083dcc6

SHA1
4d65aae369051ec7fb7ccbef1cda6dc57fa0b0b4

SHA256
a082fb81e747ee473760939a0711e2861af7b0b6a2bdf8d83f31d22285bc5fbb

SHA512
b49812caaac518db67aa3f6b085e1984a18dce66ab44be17d87effbde317dad410705ab6f8fed9beb34ea1647f5f3167125c61fb7d02370b7897c02e2754743f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{3F58983D-B144-409C-A262-1BFCB157D863}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\setup.inx

Filesize
216KB

MD5
61caa5455ab3f25ddae47df78e37e34c

SHA1
9b598b7ce209b6eeccd618e189cc202164491ac1

SHA256
b04f8cc692f5c29b4afa9d907f5a9a9313f72353bc0e9a00716f9a787e14d59a

SHA512
c5e28be7df78455776d3fd04800d835815c1ca6b85377f709d879df6ec796008179e913810552e4e87608a5d1eed2841db05886ceff2179bd00172b4ef5bdbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\Disk1\ISSetup.dll

Filesize
455KB

MD5
9a6429e12efe7163e9b77595d2a7fbaf

SHA1
3a9be1205d74b22ca10e705157dd7d65944fa088

SHA256
050eac4a39834b6aeba08bc247c0037b326b886212085c297876dd956286b56b

SHA512
dc5e9e167c29acb6d587b9dd82a357c5da79f9272de5a89586d27dd6ced522676d6e1126584960a4037546d79857d4bb50fc006545e94b24a456d29d0412f9bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\Disk1\data1.hdr

Filesize
10KB

MD5
a97b8261760c3612a083463f994d67e0

SHA1
97118c4264677953edfcc1d527ee0cf54773b97e

SHA256
a3223cb7e0b6dc3c78a893fad25cc49e0d8dd790ff8d8378a2cba8c3aeb93674

SHA512
6be08684ec76109f60300cca1326056c49fd66173093c5ce4655603c5fdea6babec2e7fbabc0a43c3a471a7c589289420eae8705715f1d506b09dcd00be9ecdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\Disk1\setup.exe

Filesize
329KB

MD5
951386e1267ea783a7208930475b80b3

SHA1
3985e5a57d2c5577e80a7037047a5e9d356e3df6

SHA256
3d9d2a05fbd288d731eadf486710e29033144ad404db72b2bd38813e82413cbc

SHA512
3cd5125aeb7118d2bce7cd33cc46b56cb76837af9696777f9c8f790e5f556988a6e711dee8cbc82d680d6c0a6fcbde461b6700ce105b55217d3e5bdab4c43381

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\setup.ini

Filesize
515B

MD5
aac1bfa790fc9579eac6d888cfbbef93

SHA1
e64e1814cc8b00828a200d961fd38ab71909349f

SHA256
a12a3833cdba7c3c1d0efa11a6af31bf1f6d958ca9cb228a841df4354e8e26ac

SHA512
5905018291a433b229defd540ffdc862319e6d7e00bfaceb0049f6101ea5875f8c99174e8db5833bbf9d368d94ba4b704504e340f02dbdfec614a298553c65aa

Download Submit
\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\Disk1\ISSetup.dll

Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
\Users\Admin\AppData\Local\Temp\{7FF4F8DA-B066-4891-A9FE-A16796E61EB5}\_Setup.dll

Filesize
325KB

MD5
7de2d19c870587b8ffc5a446e9b6e29a

SHA1
4818065b55bbe0469cb2135197d69caae359ac63

SHA256
35eef33d1890a6e34d647f86f24c730b4f741c9d33fcce01cfb12d2b8e55b5d1

SHA512
bf2258b84f497e40670aac594e20f5a508cf603235f2cdd73e0c4e74613ece46468571b1beeaab5065ce214675e846a0641c9cb812b8e1fdf33a6ae0237ed3b3

Download Submit
memory/2288-86-0x00000000003A0000-0x00000000003A2000-memory.dmp

Filesize
8KB

Download
memory/2288-19-0x0000000002380000-0x000000000251A000-memory.dmp

Filesize
1.6MB

Download
memory/2288-22-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/2288-85-0x0000000004270000-0x00000000042F8000-memory.dmp

Filesize
544KB

Download
memory/2288-120-0x0000000002380000-0x000000000251A000-memory.dmp

Filesize
1.6MB

Download
memory/2288-121-0x0000000004270000-0x00000000042F8000-memory.dmp

Filesize
544KB

Download