8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
21-02-2024 04:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe
Size

1.8MB
MD5

3fd969f248fa4cf853b79dfdd838292a
SHA1

8702eab27855633a7fb34bc9149863b0ca393694
SHA256

8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713
SHA512

68f93eb48857340fca373d7de8f4d128d522860fd7337d6069283c694ad0e97f33604c075de75b6d5bf27287ef5df6e015d57b39ceb71613464691d19f28fac7
SSDEEP

49152:ysldGRpnyZmuIbjRYhICrOMX9XL/JDtlv0zLN4V:ysAnruImhFTXL/J5lv0zLN4V

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2856	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28
PID 2988 wrote to memory of 2856	2988	8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe	28

C:\Users\Admin\AppData\Local\Temp\8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe
"C:\Users\Admin\AppData\Local\Temp\8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" -s 3S62U.AVv
  2⤵
  - Loads dropped DLL
  PID:2856

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\3s62U.avv

Filesize
1.6MB

MD5
c1166f807c980524e8c79a2999cd8748

SHA1
43da093d7fdeb5c47d7e4f3db484ab698d3ea323

SHA256
c73cea9119ac79afedfa96986acc0d5796b3ce2fef5671132a4b385cfd493995

SHA512
6b2e4db25c36f96353e01bdf0ee437ec1995cb9c158059d8bbecbc6bd56d889b37dafc80aa45b78ed5109f876f5fe40562a637fa1f892175d6cb47e01d3d3aca

Download Submit
memory/2856-5-0x0000000000170000-0x0000000000176000-memory.dmp

Filesize
24KB

Download
memory/2856-4-0x0000000010000000-0x00000000101A4000-memory.dmp

Filesize
1.6MB

Download
memory/2856-8-0x0000000002530000-0x0000000002658000-memory.dmp

Filesize
1.2MB

Download
memory/2856-9-0x0000000002660000-0x000000000276B000-memory.dmp

Filesize
1.0MB

Download
memory/2856-12-0x0000000002660000-0x000000000276B000-memory.dmp

Filesize
1.0MB

Download
memory/2856-13-0x0000000010000000-0x00000000101A4000-memory.dmp

Filesize
1.6MB

Download
memory/2856-19-0x0000000002770000-0x0000000003409000-memory.dmp

Filesize
12.6MB

Download
memory/2856-18-0x0000000002660000-0x000000000276B000-memory.dmp

Filesize
1.0MB

Download
memory/2856-20-0x0000000003410000-0x000000000350D000-memory.dmp

Filesize
1012KB

Download
memory/2856-21-0x0000000003510000-0x000000000360E000-memory.dmp

Filesize
1016KB

Download
memory/2856-24-0x0000000003510000-0x000000000360E000-memory.dmp

Filesize
1016KB

Download
memory/2856-25-0x0000000000110000-0x0000000000122000-memory.dmp

Filesize
72KB

Download
memory/2856-26-0x0000000030AA0000-0x0000000030AEC000-memory.dmp

Filesize
304KB

Download