211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
27/01/2024, 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7a68b2598040d342eef5e8194b7971fe.exe
Size

301KB
MD5

7a68b2598040d342eef5e8194b7971fe
SHA1

7147fad58f345d94cf597425f9a93621d3b8d88d
SHA256

211fc50105cca5c9893cefe7ea1d740dd8d789ebe762075fe58d0669d160fc88
SHA512

820bc1db147c32ecea615062055c178800296477ec114408ab0b1e768149875af35dd908ed708f2f4535fb784fda825788e08991fd80a45106629c1a54e7217e
SSDEEP

6144:bzfj/IEL1c57oIWkhJrCGTpFIYsgeWnwtCd:7/IELYklkhRCCYYsgG

Score

7^/10

discovery persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2792	IWsrv.exe
2784	IWsrv.exe

Loads dropped DLL 13 IoCs

pid	Process
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe
2656	7a68b2598040d342eef5e8194b7971fe.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Finalize = "C:\\Users\\Admin\\AppData\\Roaming\\InstallW\\Full_Setup.exe /runonce"	7a68b2598040d342eef5e8194b7971fe.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2656	7a68b2598040d342eef5e8194b7971fe.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2792	2656	7a68b2598040d342eef5e8194b7971fe.exe	30
PID 2656 wrote to memory of 2792	2656	7a68b2598040d342eef5e8194b7971fe.exe	30
PID 2656 wrote to memory of 2792	2656	7a68b2598040d342eef5e8194b7971fe.exe	30
PID 2656 wrote to memory of 2792	2656	7a68b2598040d342eef5e8194b7971fe.exe	30

C:\Users\Admin\AppData\Local\Temp\7a68b2598040d342eef5e8194b7971fe.exe
"C:\Users\Admin\AppData\Local\Temp\7a68b2598040d342eef5e8194b7971fe.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Users\Admin\AppData\Roaming\InstallW\IWsrv.exe
  C:\Users\Admin\AppData\Roaming\InstallW\IWsrv.exe install
  2⤵
  - Executes dropped EXE
  PID:2792

C:\Users\Admin\AppData\Roaming\InstallW\IWsrv.exe
C:\Users\Admin\AppData\Roaming\InstallW\IWsrv.exe
1⤵
- Executes dropped EXE
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\nso4D48.tmp\IpConfig.dll

Filesize
114KB

MD5
a3ed6f7ea493b9644125d494fbf9a1e6

SHA1
ebeee67fb0b5b3302c69f47c5e7fca62e1a809d8

SHA256
ec0f85f8a9d6b77081ba0103f967ef6705b547bf27bcd866d77ac909d21a1e08

SHA512
7099e1bc78ba5727661aa49f75523126563a5ebccdff10cabf868ce5335821118384825f037fbf1408c416c0212aa702a5974bc54d1b63c9d0bcade140f9aae1

Download Submit
\Users\Admin\AppData\Local\Temp\nso4D48.tmp\WmiInspector.dll

Filesize
104KB

MD5
8531346d16fa5d4768f6530d2eb2b65c

SHA1
153601d36aa0ddfbc597b1e890917364878791ca

SHA256
a9347413de4b0f90cac0b5e300cec9c867bdb28bd7a60d07b10fd31ee56c60cb

SHA512
f214e75de20edeb7eece02659fd7dafc8c3d63c2350c58825bc6e9ce0b73237962d8273b4bc803a2f304cee9f9cad1cd4edab28322c1e678bc25eb88faa6a841

Download Submit
\Users\Admin\AppData\Local\Temp\nso4D48.tmp\inetc.dll

Filesize
20KB

MD5
f02155fa3e59a8fc48a74a236b2bb42e

SHA1
6d76ee8f86fb29f3352c9546250d940f1a476fb8

SHA256
096a4dc5150f631b4d4d10cae07ef0974dda205b174399f46209265e89c2c999

SHA512
8be78e88c5ef2cd01713f7b5154cfdeea65605cc5d110522375884eeec6bad68616a4058356726cbbd15d28b42914864045f0587e1e49a4e18336f06c1c73399

Download Submit
\Users\Admin\AppData\Local\Temp\nso4D48.tmp\t1.dll

Filesize
4KB

MD5
058ba8a0916d957d3b91d08ea2e876e2

SHA1
1a7c36c50c5bd93f535b624a2882bc3905e7e7f3

SHA256
510af8083c0eef8b04e1171a9d6d94c64a1859701bbb106c565d2ec869437661

SHA512
24124b45bf42e186a06fcb71ca7e2c1fed3b762b681286185d7cdff53b3800c35b6326a6f21c82e9de59d8bbcb3fdab4a5c1cc9c8683e43ff230b07913d26f02

Download Submit
\Users\Admin\AppData\Roaming\InstallW\IWsrv.exe

Filesize
55KB

MD5
8c68148377f2f6da1992261ae2503773

SHA1
0f49e7ce220bd4862c9335a6512718b6908b59c2

SHA256
ce6f3275d7c103f4b65e1afd444924a59505943ebaf27a1fabd162b480318b4b

SHA512
de11083a64777720a8f2289f8dd9ee73166b7e3e1ee5d5ef90b979d3f5d9299573c7af5d22035a6a1ec7da94b140792096d59be64364ccc53ef927317c832238

Download Submit
memory/2656-18-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download
memory/2656-53-0x00000000024D0000-0x00000000024EC000-memory.dmp

Filesize
112KB

Download
memory/2656-77-0x0000000002890000-0x0000000002891000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads