e08b587ba588a410c01dd5f1220f1121a2ebb11408815fc9ebc8aee9ff392414

Analysis

max time kernel
141s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 05:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

CAMS_V2009.8.2.exe
Size

4.2MB
MD5

3283c97523f2296c4a35ffee2803ddc3
SHA1

fc914ded3a0dd9deee4105da998279ba192cc5c3
SHA256

6e567e345ce71d593f35bd4869117d0e31ee585e912e9c36430e79db25bb109a
SHA512

a21739026c97f2df9b9191588f2135b3d6eae498a7e7c3754344d658ebc79779ce52199d531b3efbe76287cef8ffb1f7e823b5e4154583e6081c7eafbc6f911b
SSDEEP

98304:z1ow1bAsELqIwdcq9KbDjA6DZIKvk1kB18:z1KsELBFRDjA6OKEkB18

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
316	ISBEW64.exe

Loads dropped DLL 8 IoCs

pid	Process
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe
4468	CAMS_V2009.8.2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 316	4468	CAMS_V2009.8.2.exe	58
PID 4468 wrote to memory of 316	4468	CAMS_V2009.8.2.exe	58

C:\Users\Admin\AppData\Local\Temp\CAMS_V2009.8.2.exe
"C:\Users\Admin\AppData\Local\Temp\CAMS_V2009.8.2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\ISBEW64.exe
  C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{75958218-E195-488B-B71C-E1FDE6F34367}
  2⤵
  - Executes dropped EXE
  PID:316

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\ISBEW64.exe

Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\DIFxData.ini

Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\FontData.ini

Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\VASData.ini

Filesize
30B

MD5
b16ff78e4420d4049da82fffe3026d31

SHA1
612be1fde59d3d4534a4d8e0947b65060ed6146b

SHA256
029f695d7a558a0070bdb42c07d35c7ae436fbd0688079b7ada58093505d9579

SHA512
8042f5a1f12ef644b7def42c52c90a252ff4a6c099956530cff8147daf2edd8934f5bc79bb560f550d47755fead71a1d0fbe7d52fdc0fb30a0ad64471beaaf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\_IsRes.dll

Filesize
268KB

MD5
19ec9900c36f2dcfb95086619083dcc6

SHA1
4d65aae369051ec7fb7ccbef1cda6dc57fa0b0b4

SHA256
a082fb81e747ee473760939a0711e2861af7b0b6a2bdf8d83f31d22285bc5fbb

SHA512
b49812caaac518db67aa3f6b085e1984a18dce66ab44be17d87effbde317dad410705ab6f8fed9beb34ea1647f5f3167125c61fb7d02370b7897c02e2754743f

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\isrt.dll

Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{626CC05B-B81F-44BA-981E-04831653152C}\{EB14AD5E-90E9-43C1-8FFA-E0A9A2018AE9}\setup.inx

Filesize
216KB

MD5
61caa5455ab3f25ddae47df78e37e34c

SHA1
9b598b7ce209b6eeccd618e189cc202164491ac1

SHA256
b04f8cc692f5c29b4afa9d907f5a9a9313f72353bc0e9a00716f9a787e14d59a

SHA512
c5e28be7df78455776d3fd04800d835815c1ca6b85377f709d879df6ec796008179e913810552e4e87608a5d1eed2841db05886ceff2179bd00172b4ef5bdbf4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\Disk1\ISSetup.dll

Filesize
50KB

MD5
4af148d2f518be15e975e30cd17dbf89

SHA1
3cca31dd3639dabffb7ee5ae1bd2460cf2c91e03

SHA256
eda5c7fd324ffd4d76ccfe62047ff5f215fc15c478818f094f7f71222953258b

SHA512
1a7deb361362fcbb38cb3f9db1dcfbba833b078641c09a53d2614fa0365bd6037e2c6ef016cf5e39c61a3452b78e42fb204769fd73e2baf224ae7325542150fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\Disk1\ISSetup.dll

Filesize
61KB

MD5
bcd6f60436a3e598e078692019a07ca1

SHA1
c17e2797305cf9578ffffe1d17efbeae4b9292c3

SHA256
8079385dfbdd05e40960dd8cd853f7edbe75afc29529004523d80149ecddea4d

SHA512
18312854ac7adbd5b38b49eace651bc9c6716ff2a6797f9b61c5da742bbe6eb00b043c2bd128bf892c18e56427286d9075a9a943b330f9e6fe8917de5cb2af13

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\Disk1\ISSetup.dll

Filesize
60KB

MD5
28d7a41cd4e14cc760ac25d6df590831

SHA1
7641daee2e3fc8dad056cf60dcb097291d3a2752

SHA256
526dfde0d3894b457d6d183ca43edad238e949abe668d85c5a8c86c841e37cf0

SHA512
fdfabc13aaec0ff6d31059e6b86cb7dc1fd338e9e47114d5508f79ad5f115429937df1bdc3c31676380aa59d1a89dc9f35a8ab838e576b6f9176fe18ee22869a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\_Setup.dll

Filesize
60KB

MD5
26ff50758a460b7f88960203ef4613c3

SHA1
9062bce9d24059bbaa5a64047d3abab719744af2

SHA256
f8a1057b83b3667e2b2eade3efa574cb9641994d269e72b31ed2df88f0028156

SHA512
8af0890433399ad9895fa3e7316ccf6793254847956c454a51ad1e1b720ebfe80b77230ccfa69750ca825cc121af1797fb500cc736a7bad8791df2cbc3310f0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\_Setup.dll

Filesize
76KB

MD5
6baae070719d61e3fe0670c791e46db9

SHA1
360581f49fe4eee18646fb34d4afbafdc326b4c7

SHA256
08135ef230286e8fec08f562316045548de19cbdce57bae542eefa0ff7ebc705

SHA512
edb73e6a348cc9380f0a0fd1a8883b43f5eabfdc7a2ff2c8a88c00a0b5dba5c5abd83761a4ee64c92c37a7603b27869071aaf796a5b45a65011c5ea208a7b9ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\_Setup.dll

Filesize
68KB

MD5
144639feee640eab81555f060200a7dc

SHA1
a6bf2560f208f98ffcfcaec66a503fd5080214b2

SHA256
cdb912961a551019c835e37696c9550ead1678a41ddb30d0c00a8c4831745046

SHA512
72498f537453d639ce07de9e3391a3aeb4166426abda8fcd04b05a5d7b752afbf5e00460cc1dadcda56ad738a100824bd4d65f392f868b61928542d94f965866

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9EF2E9EF-D6FD-4A4D-894C-4AB6064DCEFD}\setup.ini

Filesize
515B

MD5
aac1bfa790fc9579eac6d888cfbbef93

SHA1
e64e1814cc8b00828a200d961fd38ab71909349f

SHA256
a12a3833cdba7c3c1d0efa11a6af31bf1f6d958ca9cb228a841df4354e8e26ac

SHA512
5905018291a433b229defd540ffdc862319e6d7e00bfaceb0049f6101ea5875f8c99174e8db5833bbf9d368d94ba4b704504e340f02dbdfec614a298553c65aa

Download Submit
memory/4468-96-0x0000000004860000-0x0000000004862000-memory.dmp

Filesize
8KB

Download
memory/4468-95-0x0000000005010000-0x0000000005098000-memory.dmp

Filesize
544KB

Download
memory/4468-28-0x00000000004C0000-0x00000000004C2000-memory.dmp

Filesize
8KB

Download
memory/4468-94-0x0000000005010000-0x0000000005098000-memory.dmp

Filesize
544KB

Download
memory/4468-27-0x00000000023B0000-0x000000000254A000-memory.dmp

Filesize
1.6MB

Download
memory/4468-127-0x00000000023B0000-0x000000000254A000-memory.dmp

Filesize
1.6MB

Download
memory/4468-128-0x0000000005010000-0x0000000005098000-memory.dmp

Filesize
544KB

Download