8cd231955e8da73b02e875dc1a5669836af36f7fae42118e1fb800e7b8a3f3a3

Analysis

max time kernel
141s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
11/03/2024, 02:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bce3f77ac53bdd0febd808e10ba817c7.exe
Size

2.0MB
MD5

bce3f77ac53bdd0febd808e10ba817c7
SHA1

9a9d6130fd1caf4437ba4d83261a690117795c78
SHA256

8cd231955e8da73b02e875dc1a5669836af36f7fae42118e1fb800e7b8a3f3a3
SHA512

a5c4aba4401136e17f4eb0bb4e1370dae8cd33b6e504aa2063baa0332a6129d4563d8368602f37b2222547f5b8e39da7e8b3c21f8aaa3fc0973d199df4d2441f
SSDEEP

49152:IHUSTPUXTPyy88UrdvjQpPLaDwpgdij7QozFpRA0Y:IHXDUDR81rdvjWPLazWFXRO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2176	is-UO9G7.tmp

Loads dropped DLL 3 IoCs

pid	Process
2604	bce3f77ac53bdd0febd808e10ba817c7.exe
2176	is-UO9G7.tmp
2176	is-UO9G7.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2176	is-UO9G7.tmp

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28
PID 2604 wrote to memory of 2176	2604	bce3f77ac53bdd0febd808e10ba817c7.exe	28

C:\Users\Admin\AppData\Local\Temp\bce3f77ac53bdd0febd808e10ba817c7.exe
"C:\Users\Admin\AppData\Local\Temp\bce3f77ac53bdd0febd808e10ba817c7.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Users\Admin\AppData\Local\Temp\is-0DII8.tmp\is-UO9G7.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-0DII8.tmp\is-UO9G7.tmp" /SL4 $70120 "C:\Users\Admin\AppData\Local\Temp\bce3f77ac53bdd0febd808e10ba817c7.exe" 1799297 51712
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  PID:2176

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\is-0DII8.tmp\is-UO9G7.tmp

Filesize
616KB

MD5
0e5fd0fc130e2380b08edca8f822f382

SHA1
e36aacde42ac8f297d3bffb379c021639ef4c06a

SHA256
d3f6c4e1b8e6d11661d4bdf79b438382bb5951e7a42cedbcac3ebbe88012373c

SHA512
efaabebb37413eb2a689be4070827dbeb9ba8f88f6a90a3ed33225c68eb02e43e4760dcfdf3e59eba589db0519e9ac447035ef9b3822c0414ccebdc79a5bde37

Download Submit
\Users\Admin\AppData\Local\Temp\is-OR70E.tmp\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/2176-15-0x0000000000400000-0x00000000004A8000-memory.dmp

Filesize
672KB

Download
memory/2604-1-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download
memory/2604-14-0x0000000000400000-0x0000000000413000-memory.dmp

Filesize
76KB

Download