76914fe9a1a27c759c23c45d69292e1c2bb2356d7a5dbab5776fd5fa20332079

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
25/01/2024, 21:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

758c58c5a00bae58bff61be8183d2738.exe
Size

536KB
MD5

758c58c5a00bae58bff61be8183d2738
SHA1

b897bf39041c1f25ae3a29aa4e997be055237ba8
SHA256

76914fe9a1a27c759c23c45d69292e1c2bb2356d7a5dbab5776fd5fa20332079
SHA512

5f6d257622ca4c692c95210b887f52640cb960adcf6a6db30d0e66510221ec279128acc915bc7e90df4b04e04bf8ef4af1abf52a537b9f3e78f1f7fe30336e36
SSDEEP

12288:4wb6l7FL98wrEDqgHDlS/ur33cTvfnyB7VuVuCfkRF2h1CPiP1x:fb65Fp8WEDTD4/uzMTv/y5MVxkRF2hEW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2016	Scache.exe
1212	iepsetup.exe

Loads dropped DLL 6 IoCs

pid	Process
1384	758c58c5a00bae58bff61be8183d2738.exe
1384	758c58c5a00bae58bff61be8183d2738.exe
1212	iepsetup.exe
1212	iepsetup.exe
1212	iepsetup.exe
1212	iepsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
1212	iepsetup.exe
1212	iepsetup.exe
1212	iepsetup.exe

Suspicious use of WriteProcessMemory 11 IoCs

description	pid	Process	procid_target
PID 1384 wrote to memory of 2016	1384	758c58c5a00bae58bff61be8183d2738.exe	28
PID 1384 wrote to memory of 2016	1384	758c58c5a00bae58bff61be8183d2738.exe	28
PID 1384 wrote to memory of 2016	1384	758c58c5a00bae58bff61be8183d2738.exe	28
PID 1384 wrote to memory of 2016	1384	758c58c5a00bae58bff61be8183d2738.exe	28
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29
PID 1384 wrote to memory of 1212	1384	758c58c5a00bae58bff61be8183d2738.exe	29

C:\Users\Admin\AppData\Local\Temp\758c58c5a00bae58bff61be8183d2738.exe
"C:\Users\Admin\AppData\Local\Temp\758c58c5a00bae58bff61be8183d2738.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1384
- C:\Users\Admin\AppData\Local\Temp\Scache.exe
  "C:\Users\Admin\AppData\Local\Temp\Scache.exe" -pagoT3RE954jwq32qt -s
  2⤵
  - Executes dropped EXE
  PID:2016
- C:\Users\Admin\AppData\Local\Temp\iepsetup.exe
  C:\Users\Admin\AppData\Local\Temp\iepsetup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  PID:1212

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Exec.dll

Filesize
99KB

MD5
c73f6d59d239075eb2f6f39a0ddb6981

SHA1
10c15db6afa179fbb062c3614aba447ffc461409

SHA256
f90991c5b45e06698b89cc8990b4ffd0c5ca1b328c31642a178ec6619698345e

SHA512
86cffd3ef654ab0c94c55b631b40cf0ff1c872ca22c07de526973e15839de648c525ea05f3b206d13ee2d7265a60a261ee8a06e0dfa720ff964e92849ca61331

Download Submit
\Users\Admin\AppData\Local\Temp\Scache.exe

Filesize
544KB

MD5
1ee5be8d96a7d12b62b11cf46e9c6e73

SHA1
de98085349dfb7e240bfb533a9f0b4091f9a5f46

SHA256
9a7eb6829735ab98d4d00428781c18ea96f3514f10115d18b095187f6f5a6f35

SHA512
3fd9c1e12ba12a8daae42c35317495cc3fab280347e3f23b25992c849a051a6a186fb6c3fdaf7bfd80e84b1e192c711a54ff5c39a6bcba1d0bf5eb9af87faad1

Download Submit
\Users\Admin\AppData\Local\Temp\iepsetup.exe

Filesize
1.1MB

MD5
ed9207a859225a283cf8aba17448cf45

SHA1
c57e664609b7b584120af81e2f06bf1659d4691c

SHA256
3ed2ff1288118a8e919219466a17c409cee9811f6bf6e45261a91fa0e8eab0e0

SHA512
e23c5a4ced8cfd4f55d7d685a0b70da14e58c577b4ab9d3051f1affd53c6b899f68b0341af22213fae2766aec725da4acd8bf14e0bd2893fe7dac185bc733718

Download Submit
memory/1212-20-0x00000000003E0000-0x00000000003FD000-memory.dmp

Filesize
116KB

Download
memory/1212-21-0x0000000000400000-0x000000000051F000-memory.dmp

Filesize
1.1MB

Download
memory/2016-10-0x0000000000400000-0x0000000000423000-memory.dmp

Filesize
140KB

Download