a73c0cb78aa0327f007e542887d25127c4a789d8abfffe84b41a4f0accdb0dec

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-01-2024 02:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7137b4c4896ca03bf244d7e1fe6795a6.exe
Size

14.6MB
MD5

7137b4c4896ca03bf244d7e1fe6795a6
SHA1

2a7462ca1133ee6ba7f851f3fbbea90d3fa4b576
SHA256

a73c0cb78aa0327f007e542887d25127c4a789d8abfffe84b41a4f0accdb0dec
SHA512

2c4f7613a574447279f7618623260738b26ae45e4d5c1bb87dff62a9d923cbd04b35cfe79a6c83a6265e6c55a764241359157fa5d0afa43627898979bff264aa
SSDEEP

393216:OyWsSuNb6lyAvxFgLaa5y+/iW0tkwEJejnf35:O8SuV6QR3qntdlnfJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3960	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3960	irsetup.exe
3960	irsetup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 3960	3456	7137b4c4896ca03bf244d7e1fe6795a6.exe	87
PID 3456 wrote to memory of 3960	3456	7137b4c4896ca03bf244d7e1fe6795a6.exe	87
PID 3456 wrote to memory of 3960	3456	7137b4c4896ca03bf244d7e1fe6795a6.exe	87

C:\Users\Admin\AppData\Local\Temp\7137b4c4896ca03bf244d7e1fe6795a6.exe
"C:\Users\Admin\AppData\Local\Temp\7137b4c4896ca03bf244d7e1fe6795a6.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Users\Admin\AppData\Local\Temp\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\irsetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3960

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IRIMG1.BMP

Filesize
7KB

MD5
95145f4cead2c4bd2ec219bc87d83f1d

SHA1
5eec034dfc7d9a6d93c21f38dfe2405c8968f6ed

SHA256
0542cb1d3e6b50f78dc63ea1abec6c518cfd4ea203649df3ef3834309ea66cad

SHA512
081d9cfa0bc46a54fcf03a62e5663282d27f56e20fbeafba2833d6267de285a354915c661dd67a3217f4dc2330c7f49babf8b24a5a68ba5a014f5e1e297cc5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG2.BMP

Filesize
7KB

MD5
e29a24e189e95681bb41f73c16747fd8

SHA1
e9269bb9cb6f2b700fc78f92066f31b15a9c5c2a

SHA256
3973d354045be781eabf9114772fe2e5e96d1e557793de10c914d901b16e8c09

SHA512
4c6db25e04acb8349da29249f712b20c217d792e6d5fd40af9b398e2617d5168ef0afc2505a05b0833b90165d5e5eaf2e98d1821e855a99fc7833de52154ad94

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.dat

Filesize
13KB

MD5
6917c0210430534e57cdd63c47c4a8e4

SHA1
c7cc2e152fcac7835add6a928ea4a447f615b686

SHA256
5c84481cdbeee7a3cfc2098a75dc05381709d9e9ea52ae41e2c616ac27a5e7b7

SHA512
322690cb9d614e88489dfbba397aaf1799105cf90cbb4a757f1a1c6931b7f8cf1f9dc4d0f6b6841f8d4836d8d99f3f985f1b0b3901dabff4be2a5b0f32993602

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.exe

Filesize
704KB

MD5
6f20d65c5af232700ddf7b3206d9c870

SHA1
527a7e3525dd9b0f3f6e0d508702e6816311b255

SHA256
593ad36de23204385eeadfe318972c2e9f01275e59fd00342ad5892be0b2c6b0

SHA512
3f038a87dc644994c68b1c2596aa499fc128a18bcab74766c81ea2bc6d5a86511a810af2700e87bfe85b28fe792a51795b4014a2145c01b122ca869a577538e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.ini

Filesize
105B

MD5
4d9f8887e5272630f33eb551fcefde4f

SHA1
cf8b5dfd9691cf93e368a5ac70895bbf09c792c5

SHA256
c0c2350dedc76df44271df5f039662dc2a59c8e07a35929f76d17cd175e2ad2a

SHA512
6c21c30f5ae1e8d29f3891c7bd4c26d72b5686843e60133e785ffca2afa0b502931b437780def1de130e7ff0aa4d09db891a2c82a232b5732ff584bd0f0957f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\suf6lng.4

Filesize
12KB

MD5
5930543afe37917c8e447635310009d5

SHA1
b012ad5d21489c97e2fdb27728e808200fceef07

SHA256
a084e98c6807381e118d47c1c65c591361f4159d87b3b4386ed347ca60c890a5

SHA512
073080d3233d21936fc8ddafd06bcde8eb15913577b1a7015cbdb3a8af13c7678e65f1afa2036e2fb59eebec55f8fbf025958d8490d13dea05a093534a4aff9b

Download Submit