Overview

overview

4

Static

static

1

uiso9_pe.exe

windows10-2004-x64

4

Analysis

  • max time kernel
    35s
  • max time network
    39s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18-02-2024 10:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    uiso9_pe.exe

  • Size

    4.9MB

  • MD5

    5a2000a241a6947c060ee63425d7ebef

  • SHA1

    d80bbe4769b5e00886797d6f7c30063031eb5699

  • SHA256

    5f26ba6ce5a487a3c9ec7663143f6d661c5500d0dd593274bd4ab6e78815d236

  • SHA512

    cf4155b56d878d1d4c8b18669d6aa700c626fa5b2f67719bb8b2f8378059003046f437ae223a7aef6336d95cb82eeeb057910a432c135bbc4d94619a8bbfde1a

  • SSDEEP

    98304:JUj8/4MycvvCf9uOj5zXSdcrRsMZtuS0xbN0yjqnolKIMPgZrx/CpSSMD/zCDK8:Oj3MychOBXSdclsotcYyEGMPqrxo0zCP

Score
4/10
discoverypersistence

Malware Config

Signatures

  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 60 IoCs
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 2 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 64 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of WriteProcessMemory 11 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\uiso9_pe.exe
    "C:\Users\Admin\AppData\Local\Temp\uiso9_pe.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3680
    • C:\Users\Admin\AppData\Local\Temp\is-LHQL3.tmp\uiso9_pe.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-LHQL3.tmp\uiso9_pe.tmp" /SL5="$C0050,4629041,128512,C:\Users\Admin\AppData\Local\Temp\uiso9_pe.exe"
      2⤵
      • Drops file in Program Files directory
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4652
      • C:\Windows\system32\regsvr32.exe
        "C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\UltraISO\isoshl64.dll"
        3⤵
        • Loads dropped DLL
        • Registers COM server for autorun
        • Modifies registry class
        PID:2440
      • C:\Program Files (x86)\UltraISO\drivers\isocmd.exe
        "C:\Program Files (x86)\UltraISO\drivers\isocmd.exe" -i
        3⤵
        • Executes dropped EXE
        PID:3868
      • C:\Program Files (x86)\UltraISO\UltraISO.exe
        "C:\Program Files (x86)\UltraISO\UltraISO.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:3600
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x4ac 0x490
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:4768

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\EZB Systems\lame_enc.dll
    Filesize

    962KB

    MD5

    b9e34ae6d6ecb1e19b36dc70e7ef406c

    SHA1

    014985ed2dab57e606e08788fc9177220dd2aed1

    SHA256

    3b8817fad300fd729d28ca4895d9fb131cf64e699fe5de658ae44c6d056dace4

    SHA512

    d2360eb205a7f8feb9d45237f0190ef3b2444b22225bead9eedfe5301cac0601741a7d849033d3b2b5cd2a39496edc86e1d4d4444110bafefcf4a8922c6bbff2

    Download Submit

  • C:\Program Files (x86)\Common Files\EZB Systems\lame_enc.dll
    Filesize

    896KB

    MD5

    42b9b1556d0101ef8007a7bf92ad914c

    SHA1

    8fcf145f5cba60075dba783f96b3ffe934aedfe9

    SHA256

    7e6093e8c4032eee6ded7026c9d326606f380e2c63426eece22d5c04ac111e6e

    SHA512

    425e5c073c65498160e213dc40e7081a7cda301bd3bf3484fcb8bc857c6a0b7c49ac6b5fef150bf06e1c3377b44e99c38d0db5523e5cbcac4b69383fac209126

    Download Submit

  • C:\Program Files (x86)\UltraISO\UltraISO.exe
    Filesize

    5.2MB

    MD5

    63285e1d8a23ad23dd5b163feb715059

    SHA1

    67ee1910b3dd150a1297367dacdb4b272db01644

    SHA256

    116033b8e66845a6db4c97a134464254034228ad937e2610066e1b6a759018be

    SHA512

    d296a019aa558e7678188277e4e83fa451add9a9e3629e0a4665565764de26e6a9806feb6d69534308907556421c94cbc4c802db04f2cf87a3a1fb3765e09fe7

    Download Submit

  • C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys
    Filesize

    132KB

    MD5

    bc81814b594286bef9913ec5ca1110d7

    SHA1

    523fc3b657fd3fb493e0fb14c0bbf39813d1e558

    SHA256

    9c22b6f77e929d319c5e891ee1510045dc5f486bdaf47a0696564d4d84d30379

    SHA512

    2b65dc57a4c83c1ef243396dabf15cf53faa145bd073ac89dbf9104519e7a2b97a303c96acfdbc992e9ac19efbe65b143dd27bb6c9f7ad3e76c5eacb1b9a1889

    Download Submit

  • C:\Program Files (x86)\UltraISO\drivers\IsoCmd.exe
    Filesize

    28KB

    MD5

    55677a521dd34ce7a93ab3f1d12b2dfd

    SHA1

    4316dd2b5e4ebb48886955ec5365b2f40d4298b3

    SHA256

    fc506cb2ce0fa9a994db2e29a595f818fe93cae93dd2f8cca6f4b40944907c5c

    SHA512

    e4e05c49701865ba349f4c037c96539cfd3da1f8cd97f9668474ca50a50db0a50e59e7f21f7e0fbc44ca1f79f7cdb529f82bc70b2a7a34e861bb5350ee783dcc

    Download Submit

  • C:\Program Files (x86)\UltraISO\isoshl64.dll
    Filesize

    151KB

    MD5

    c0fc6c67bd9d9fbc4f8ad44232d49d11

    SHA1

    e5ad2b56cc20652401ee5c60fe118cf3fb474a7b

    SHA256

    50df2e7ba2ab1892dd1e8c03be51a1dfa9c1ecc501d5166cd5e69badb4a8c503

    SHA512

    74bc8d2d93c870f0449582b6de60ade9b0322a5cca945beac8842ccd4577569ea97a7089163dcff8b0115ebbaf2ae75d09ae5214efcb8ea6902c80a2cc0e5586

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\is-LHQL3.tmp\uiso9_pe.tmp
    Filesize

    771KB

    MD5

    3de2992c86c78e781881e9c0db26a32f

    SHA1

    c26845ca7319a66432304a955cecdad4f977d040

    SHA256

    e9700438d88e5a5f54d6940a4129477e943dcd4b95b006d0b38ef1e2a566a642

    SHA512

    88d318e3265ac733408836592f87349a7bd2be1ae34e92ef7bd302926ff69b4a072300d5eac07cffdf91929b24ae08818c7cfb42cc825afaacd29250f7cae6a6

    Download Submit

  • memory/3600-162-0x0000000000400000-0x0000000000E31000-memory.dmp

    Filesize

    10.2MB

    Download

  • memory/3600-155-0x0000000002450000-0x0000000002451000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3600-159-0x0000000004410000-0x0000000004411000-memory.dmp

    Filesize

    4KB

    Download

  • memory/3680-8-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3680-0-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3680-158-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/3680-2-0x0000000000400000-0x0000000000426000-memory.dmp

    Filesize

    152KB

    Download

  • memory/4652-145-0x0000000000400000-0x00000000004D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4652-157-0x0000000000400000-0x00000000004D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4652-154-0x0000000000670000-0x0000000000671000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4652-9-0x0000000000400000-0x00000000004D0000-memory.dmp

    Filesize

    832KB

    Download

  • memory/4652-6-0x0000000000670000-0x0000000000671000-memory.dmp

    Filesize

    4KB

    Download