ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b

Analysis

max time kernel
190s
max time network
295s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
04/02/2024, 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe
Size

1.8MB
MD5

f0aa51afeb9f04c460147d9412d8c904
SHA1

c21e8a2934864367e686c877601a27e1fae8b4d8
SHA256

ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b
SHA512

4e9caba1aa1a69fd5a4b6e27edeb3d8fcc19183875538c21c4098e6421549089a2eb5364b7b37602f84b28227a55462302c33636ab9bd58dac732ee3c695e32a
SSDEEP

49152:anGImUFe1tjaLWjsPzlDitEDNblknr8fkjw24V:aGIctChFiOdirHjw24V

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
3608	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 3608	428	ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe	73
PID 428 wrote to memory of 3608	428	ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe	73
PID 428 wrote to memory of 3608	428	ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe	73

C:\Users\Admin\AppData\Local\Temp\ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe
"C:\Users\Admin\AppData\Local\Temp\ba24c37c5e7dd428becb2517191df2c12b2f99c37464780a9d64b98f7e1e4a9b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:428
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" /u 0GL_2L.U /s
  2⤵
  - Loads dropped DLL
  PID:3608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\0GL_2L.U

Filesize
1.5MB

MD5
ec92ac3b4a3fe6c6ece419d275df8622

SHA1
0cb9f335c18066fce647b12c677a8f418386ef54

SHA256
9fd46afe5516923f9e978838ef2bf22c1863971ca9ecdc39858a6852b8a8be1d

SHA512
b0426cfaa2d6f2ab0bc3604753f8e4e63e3868d199448b73ee1874cdc1935cb9bda3b9e61a20e492ce0ec12200a1f46b7efc00083a1e26844b5fc9cca4e0cb51

Download Submit
memory/3608-6-0x0000000000D10000-0x0000000000D16000-memory.dmp

Filesize
24KB

Download
memory/3608-7-0x0000000010000000-0x0000000010180000-memory.dmp

Filesize
1.5MB

Download
memory/3608-10-0x0000000004C60000-0x0000000004D8E000-memory.dmp

Filesize
1.2MB

Download
memory/3608-11-0x0000000004850000-0x0000000004962000-memory.dmp

Filesize
1.1MB

Download
memory/3608-14-0x0000000004850000-0x0000000004962000-memory.dmp

Filesize
1.1MB

Download
memory/3608-15-0x0000000010000000-0x0000000010180000-memory.dmp

Filesize
1.5MB

Download
memory/3608-17-0x0000000004850000-0x0000000004962000-memory.dmp

Filesize
1.1MB

Download
memory/3608-18-0x0000000004D90000-0x0000000005B6D000-memory.dmp

Filesize
13.9MB

Download
memory/3608-19-0x0000000005B70000-0x0000000005C71000-memory.dmp

Filesize
1.0MB

Download
memory/3608-20-0x0000000005C80000-0x0000000005D84000-memory.dmp

Filesize
1.0MB

Download
memory/3608-21-0x0000000005C80000-0x0000000005D84000-memory.dmp

Filesize
1.0MB

Download
memory/3608-23-0x0000000005C80000-0x0000000005D84000-memory.dmp

Filesize
1.0MB

Download
memory/3608-24-0x0000000000C00000-0x0000000000C12000-memory.dmp

Filesize
72KB

Download
memory/3608-25-0x0000000034740000-0x0000000034792000-memory.dmp

Filesize
328KB

Download