e56cbb857f8c0adf17dbf261c41b29a4d559194445af3d1fa55512902ed50071

Analysis

max time kernel
120s
max time network
123s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
29/01/2024, 12:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7fe009952fde9b4dfe1c7289a1160dcf.exe
Size

1.4MB
MD5

7fe009952fde9b4dfe1c7289a1160dcf
SHA1

d80db3b0b2b5fa1b0e7b79e12d44a12bc395ff92
SHA256

e56cbb857f8c0adf17dbf261c41b29a4d559194445af3d1fa55512902ed50071
SHA512

47165173cf9679be1bb441bc409f9cc89a004746dfa06d03eeee9beded3b5ce7c8d5f69bb7627a3b4993185e2a9b6249a3fb7720bc0d7d86121ae6d9e2010e04
SSDEEP

24576:vrCVAFsOL3jkfZ3Usmqgp9VdvwEtH6BpoaB2+n1oVqdVu1zvvTv4cZy/8KyB35cT:umVkBkZp9VKEgUaB2+1VE1zkjEKyJdc

Score

6^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Winamp\Plugins\259407089.tmp	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Program Files\Winamp\Plugins\Out_Volumelogic.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Program Files\Winamp\Plugins\Out_Volumelogic.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\259407073.tmp	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Windows\eSellerateEngine.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Windows\eSellerateEngine.dll	7fe009952fde9b4dfe1c7289a1160dcf.exe
File created	C:\Windows\Volumelogic Uninstaller.exe	7fe009952fde9b4dfe1c7289a1160dcf.exe
File opened for modification	C:\Windows\Volumelogic Uninstaller.exe	7fe009952fde9b4dfe1c7289a1160dcf.exe

C:\Users\Admin\AppData\Local\Temp\7fe009952fde9b4dfe1c7289a1160dcf.exe
"C:\Users\Admin\AppData\Local\Temp\7fe009952fde9b4dfe1c7289a1160dcf.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
PID:620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\aaiw259406934.bmp

Filesize
326B

MD5
4cf7475e76cb7892a79cc4da8dac51a5

SHA1
54bdca44165458ff4095a536a2dce1f5a2f37c2d

SHA256
ea7860c41776b228b3c6e8286a237933c15a015451cdc78de891c1ca86ff080f

SHA512
aab5dbb5f3cc35e80fa9fb9020fcc12d07819c58affe0463275248a808dc0a6b7b410d14d3668f94542db1948db9f5266e406fb9f8769145d09359e9063b0756

Download Submit
C:\Windows\Volumelogic Uninstaller.exe

Filesize
101KB

MD5
f30b06cce1e5ad9498c36c1229297595

SHA1
5d92883aac50cb58818fa1a643c11c4be08cf749

SHA256
7cb8828e7cb0827ffb8343f7d12284982199df5c5abb84c72129cdb2fcaf8c4e

SHA512
be8077ef2b6fd35c0f52ba83a27c89c02c4b6c0b5ed5bad2f67bd5e458e07de8b3764486686892e4cdd7668db12bfd280e9e65c79701636bade2a2397493fda0

Download Submit