Analysis

  • max time kernel
    95s
  • max time network
    183s
  • platform
    windows10-1703_x64
  • resource
    win10-20240214-en
  • resource tags

    arch:x64, arch:x86, image:win10-20240214-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    21/02/2024, 04:58

General

  • Target

    8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe

  • Size

    1.8MB

  • MD5

    3fd969f248fa4cf853b79dfdd838292a

  • SHA1

    8702eab27855633a7fb34bc9149863b0ca393694

  • SHA256

    8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713

  • SHA512

    68f93eb48857340fca373d7de8f4d128d522860fd7337d6069283c694ad0e97f33604c075de75b6d5bf27287ef5df6e015d57b39ceb71613464691d19f28fac7

  • SSDEEP

    49152:ysldGRpnyZmuIbjRYhICrOMX9XL/JDtlv0zLN4V:ysAnruImhFTXL/J5lv0zLN4V

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe
    "C:\Users\Admin\AppData\Local\Temp\8d159726ddef9fe45088dff1267389c546e2991601efa74410f5ca6c2f4ae713.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2420
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -s 3S62U.AVv
      2⤵
      • Loads dropped DLL
      PID:4232

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\3S62U.AVv

          Filesize

          1.6MB

          MD5

          c1166f807c980524e8c79a2999cd8748

          SHA1

          43da093d7fdeb5c47d7e4f3db484ab698d3ea323

          SHA256

          c73cea9119ac79afedfa96986acc0d5796b3ce2fef5671132a4b385cfd493995

          SHA512

          6b2e4db25c36f96353e01bdf0ee437ec1995cb9c158059d8bbecbc6bd56d889b37dafc80aa45b78ed5109f876f5fe40562a637fa1f892175d6cb47e01d3d3aca

        • memory/4232-6-0x0000000000CE0000-0x0000000000CE6000-memory.dmp

          Filesize

          24KB

        • memory/4232-7-0x0000000010000000-0x00000000101A4000-memory.dmp

          Filesize

          1.6MB

        • memory/4232-10-0x0000000004D50000-0x0000000004E78000-memory.dmp

          Filesize

          1.2MB

        • memory/4232-11-0x0000000004E80000-0x0000000004F8B000-memory.dmp

          Filesize

          1.0MB

        • memory/4232-14-0x0000000004E80000-0x0000000004F8B000-memory.dmp

          Filesize

          1.0MB

        • memory/4232-15-0x0000000010000000-0x00000000101A4000-memory.dmp

          Filesize

          1.6MB

        • memory/4232-20-0x0000000004E80000-0x0000000004F8B000-memory.dmp

          Filesize

          1.0MB

        • memory/4232-21-0x0000000004F90000-0x0000000005C29000-memory.dmp

          Filesize

          12.6MB

        • memory/4232-22-0x0000000005C30000-0x0000000005D2D000-memory.dmp

          Filesize

          1012KB

        • memory/4232-23-0x0000000005D30000-0x0000000005E2E000-memory.dmp

          Filesize

          1016KB

        • memory/4232-26-0x0000000005D30000-0x0000000005E2E000-memory.dmp

          Filesize

          1016KB

        • memory/4232-27-0x0000000000BA0000-0x0000000000BB2000-memory.dmp

          Filesize

          72KB

        • memory/4232-28-0x0000000030AA0000-0x0000000030AEC000-memory.dmp

          Filesize

          304KB