5a7fea2951fc0d8182ad23d8f424e6f286ea77979a4e904321f165921d85d385

General

Target

aa86e3b979005aef3d6ba087a699514b.exe
Size

540KB
MD5

aa86e3b979005aef3d6ba087a699514b
SHA1

7b1915ef0d0b3caaaa0040f7b80541414caa0cc5
SHA256

5a7fea2951fc0d8182ad23d8f424e6f286ea77979a4e904321f165921d85d385
SHA512

f122728ddce70c6b0eb87c50ac55b9682994a45221614ff5f5f7fde551777dbf7102975d9645b5717bd5b7068e84fd46156a1b836232759a016799d45424af7e
SSDEEP

12288:bYoDL647vcNF5BBYCIcF9k0uJ+xVtPL4CscggpCgd:bZ3mk8kQxTP0CdgJG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2548	Webcard-Terra_imagem-001.exe

Loads dropped DLL 2 IoCs

pid	Process
2920	aa86e3b979005aef3d6ba087a699514b.exe
2920	aa86e3b979005aef3d6ba087a699514b.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2756	DllHost.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2920	aa86e3b979005aef3d6ba087a699514b.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2920 wrote to memory of 2548	2920	aa86e3b979005aef3d6ba087a699514b.exe	28
PID 2920 wrote to memory of 2548	2920	aa86e3b979005aef3d6ba087a699514b.exe	28
PID 2920 wrote to memory of 2548	2920	aa86e3b979005aef3d6ba087a699514b.exe	28
PID 2920 wrote to memory of 2548	2920	aa86e3b979005aef3d6ba087a699514b.exe	28

C:\Users\Admin\AppData\Local\Temp\aa86e3b979005aef3d6ba087a699514b.exe
"C:\Users\Admin\AppData\Local\Temp\aa86e3b979005aef3d6ba087a699514b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2920
- C:\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe
  "C:\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe"
  2⤵
  - Executes dropped EXE
  PID:2548

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{76D0CB12-7604-4048-B83C-1005C7DDC503}
1⤵
- Suspicious use of FindShellTrayWindow
PID:2756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\te amo.bmp

Filesize
1.7MB

MD5
92e8aa1054837f2d749f7e552b45842d

SHA1
4f577ae8a3ea82cda87c93c662285f82523bbb96

SHA256
49339ff047192d0577bb96fb4222e2bf5988a8b4cb0a63283e95afe1fca070b9

SHA512
39940633d112925ee0d08ce07d4a57aa96027c7f4b0879802917af89d69a33072add9f13e901ede7c6b99447d868a52922b94dcedbb5d5007757112d546fa681

Download Submit
\Users\Admin\AppData\Local\Temp\Webcard-Terra_imagem-001.exe

Filesize
383KB

MD5
7132a4993e8c8ccdefe7957054a74c18

SHA1
5bea59ab825a54b68806e2b7bf8a7a61c8ea1974

SHA256
40fb5f45399875e85d253d6136aa1d39c349e98585b4a6896ecdbc775169d5f2

SHA512
1421448f67b6570feed383298498e3f6dde65a6096a93b8f239a02ac43e01b35424b4fc572db879e242f495316fbc307dea37849568b5c9f8666e6bf0242afd6

Download Submit
memory/2548-29-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2548-27-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/2756-40-0x0000000001B50000-0x0000000001B51000-memory.dmp

Filesize
4KB

Download
memory/2756-34-0x0000000001B50000-0x0000000001B51000-memory.dmp

Filesize
4KB

Download
memory/2756-31-0x0000000000340000-0x0000000000342000-memory.dmp

Filesize
8KB

Download
memory/2920-6-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-8-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-4-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-10-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2920-12-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/2920-13-0x0000000075420000-0x000000007542C000-memory.dmp

Filesize
48KB

Download
memory/2920-15-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/2920-0-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2920-26-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-7-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-28-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-5-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-30-0x00000000024A0000-0x00000000024A2000-memory.dmp

Filesize
8KB

Download
memory/2920-9-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-33-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-1-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-32-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-35-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2920-38-0x0000000076E40000-0x0000000076F30000-memory.dmp

Filesize
960KB

Download
memory/2920-37-0x0000000072940000-0x0000000072A93000-memory.dmp

Filesize
1.3MB

Download
memory/2920-36-0x0000000075420000-0x000000007542C000-memory.dmp

Filesize
48KB

Download
memory/2920-2-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download
memory/2920-3-0x000000007EF50000-0x000000007EFAC000-memory.dmp

Filesize
368KB

Download

Analysis

Sharing