5d8dc4cc788e0280bab5c53fe04534138a225a0aa35be9758b6fef3f69a3793e

Analysis

max time kernel
139s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 07:31

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

8e91ed1881ac3e220d64552ade6b0f91.exe
Size

23.4MB
MD5

8e91ed1881ac3e220d64552ade6b0f91
SHA1

5592bc6245a1bfd0cce43ac2226ad2ddae6b0646
SHA256

5d8dc4cc788e0280bab5c53fe04534138a225a0aa35be9758b6fef3f69a3793e
SHA512

fc444a57ff1c37833599be6879a564d13ac7bb67e23746658b53d6683c9d5b2d0df391c961b120d78d1ab677a2fe87d8574c87abc7bb56b47d97ba95390d3fda
SSDEEP

393216:s8yFWtAPDq3iMgie8XJrgMYiEvfdTSNTa9FA3QvMymdR8x4NChxgbWGDJF:sfiAP0S8XRHYiMd0sKgk3Re4yMWMv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2204	irsetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2204	irsetup.exe
2204	irsetup.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4200 wrote to memory of 2204	4200	8e91ed1881ac3e220d64552ade6b0f91.exe	84
PID 4200 wrote to memory of 2204	4200	8e91ed1881ac3e220d64552ade6b0f91.exe	84
PID 4200 wrote to memory of 2204	4200	8e91ed1881ac3e220d64552ade6b0f91.exe	84

C:\Users\Admin\AppData\Local\Temp\8e91ed1881ac3e220d64552ade6b0f91.exe
"C:\Users\Admin\AppData\Local\Temp\8e91ed1881ac3e220d64552ade6b0f91.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4200
- C:\Users\Admin\AppData\Local\Temp\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\irsetup.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IRIMG1.BMP

Filesize
51KB

MD5
9eaca677aebb70e5df8caa5dff1e4361

SHA1
30c9cd77a4b12f99df3e1a4ec40b3229b9799175

SHA256
dacc2b4326ae9af4b755a1049a5d8ca3667c80b8d90c2562fc185fa74cefc0fd

SHA512
bc85c2d1fc67784a9ef30866d68f689bf2d5d8c10433a29220efac97a61ad82d8e7582a9fa2104dbd00ec975d3b0070344c435c88f31619ef9639001e43d7486

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG3.BMP

Filesize
7KB

MD5
ef0f83b8f590eef4cda9809b9d5873f6

SHA1
2217997c6c7251f7bf140498dccccfadf63dae89

SHA256
3cef434f2584fd81120e4c48b2442c0e649f340c29e42d4c8c68569091576036

SHA512
e590996a63af31cdc254a73f17071711d2f384bde374605f22ca2189731a29fdd5d992c43473c05a889cd0254c0b5df56c9c28e545e0458128cb1b1056ef2f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG4.BMP

Filesize
7KB

MD5
5041099cf00e0848bca7f6df392dd989

SHA1
7096f40953fcfcdf222e55029fba4e938856bbd6

SHA256
ce463ce692f08675445e2a33b69feb8b1506caade8b40926744df3ac66dbf733

SHA512
1c94ddd40927b4e93b6048e6c37dd651705992a6649eb3405373b7f7d18c869b43e71d8eb9413b794a13e423933f1e077da6ceaaf2438ca9dbd6cb6631474754

Download Submit
C:\Users\Admin\AppData\Local\Temp\IRIMG5.BMP

Filesize
7KB

MD5
900efa8c86fb3a41aed60813419e116c

SHA1
683ff47b418cade3e5ca1c3e8af839553cea3a7a

SHA256
84009ade5416850e4ee68a77278a355581eb6653903dde990d3c780419a5f8c9

SHA512
4aa90a5d824a596ac2597f28822ab78b75cd438fd574ff3ea3a9a705d3019818e4be8e69c1785376eaca667778d2689ccecebbe8efcb5fecee0c85f328ee55cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.dat

Filesize
10KB

MD5
9d0fac25edef20d78ea5db7393741c5d

SHA1
6a0d5c9b514331dbde549da959dc345ed8dd1928

SHA256
f42ce6b33ebf77c97bcd391da027ad250d021d6911d4749e299066d3db98ebc6

SHA512
30427c13fa341d4d5ce546ca6d705c8b315914983aeddfc8151f327c6b09e7ecf85bd79775627b09b9ef16f82871430cc944833ee48578960b662a9df1fea1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.exe

Filesize
704KB

MD5
0624aca3d98f8a24897983e6d34e670c

SHA1
161b95598341912b3e37475d25ba71c9d9334b94

SHA256
80c1d518298d322e86d4c79273abfc8e1e3e3872e28de9197cde4ab4a025a576

SHA512
20cc2bddffe90ba21853880bc4097248292a3577b5c55e17a7fabe9b0b3ab7e3c8b3f15061b3cfcde5b31130620f67b3941dba00619a0aeedc1e0fa58cc0aa7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\irsetup.ini

Filesize
105B

MD5
7ebd3f8bb415f5bb88e968b71d437381

SHA1
4299bda6e15b8a70d213fb291aefb671a1c10d18

SHA256
9b226eb43eb3793b47edb606212f127dc298512059bfb820eaab317dff796179

SHA512
7040b2d0812e4118e777f458600ab277de75c5d46f4b2ed38c9d2fd48f3a007492666862a57b31ff6ad7b0e26c3421cdb49eb01434a2a533f471800417f2d2e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\suf6lng.9

Filesize
15KB

MD5
34b7744ee9b0677235509353d0ae2556

SHA1
311ec547dc2908e43c53a6e97b7665aa4e51b891

SHA256
c04c137885b7a69d89f4e557a4b10af313dfba1d527c2e2ead031176ba49e5cc

SHA512
fc3182cecf1ef9ea14d5cce7bf8e0e17ca5c46be6e32930acd709daa030acd814c09bd21f61454a56fcd9257557eb52d65ac688748116b05e4fd687d6caf2933

Download Submit