aebdca242faa2ab7e15a4c8c6fc877a7c46c869a32890c413130b2e57e82afba

Analysis

max time kernel
118s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
12-03-2024 16:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SpamKiller2908.exe
Size

2.2MB
MD5

cc2024cb2a62218709403a1b0849541b
SHA1

4af74a011f36d28edc4a11000942205e8b0af16b
SHA256

1cea75341207205bf53a8bdf9eb57db0b778d14a4fda3def32de50ec16609e98
SHA512

c8833850f4bbe4f57bf29a3723b63ffd10f340ed98d9f8dffcd2ee21604b485dae464d98c597ae91b012dfd11fe14961a8d9f4ab258ef44fd51191b7b74dcfa1
SSDEEP

49152:kZ62RExWZ8QX8AyHo/Cu9vgUEcptjsBF63CoK+YS8Td:kZ6PS3X0WCu9LZvQBQyYYxd

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2100	SpamKiller2908.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\I:	SpamKiller2908.exe
File opened (read-only)	\??\V:	SpamKiller2908.exe
File opened (read-only)	\??\M:	SpamKiller2908.exe
File opened (read-only)	\??\O:	SpamKiller2908.exe
File opened (read-only)	\??\A:	SpamKiller2908.exe
File opened (read-only)	\??\E:	SpamKiller2908.exe
File opened (read-only)	\??\H:	SpamKiller2908.exe
File opened (read-only)	\??\J:	SpamKiller2908.exe
File opened (read-only)	\??\K:	SpamKiller2908.exe
File opened (read-only)	\??\L:	SpamKiller2908.exe
File opened (read-only)	\??\R:	SpamKiller2908.exe
File opened (read-only)	\??\X:	SpamKiller2908.exe
File opened (read-only)	\??\Y:	SpamKiller2908.exe
File opened (read-only)	\??\N:	SpamKiller2908.exe
File opened (read-only)	\??\P:	SpamKiller2908.exe
File opened (read-only)	\??\Q:	SpamKiller2908.exe
File opened (read-only)	\??\S:	SpamKiller2908.exe
File opened (read-only)	\??\T:	SpamKiller2908.exe
File opened (read-only)	\??\U:	SpamKiller2908.exe
File opened (read-only)	\??\B:	SpamKiller2908.exe
File opened (read-only)	\??\G:	SpamKiller2908.exe
File opened (read-only)	\??\W:	SpamKiller2908.exe
File opened (read-only)	\??\Z:	SpamKiller2908.exe

C:\Users\Admin\AppData\Local\Temp\SpamKiller2908.exe
"C:\Users\Admin\AppData\Local\Temp\SpamKiller2908.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\TGSETUP0.TMP\SETUP.LNG

Filesize
93B

MD5
fb73c5225d8b164cfa0f09df242cf2a7

SHA1
0f4a612a261cd701ddf9dbbccacb06f3d55a0740

SHA256
b07b46ab3c0738158b14c450c7fdb12bcb3a8580400e7ff5277bc0836398a9b0

SHA512
80ffcb20db4dee82ad4e433d523178d76ab240c0884cde17e747ce22140bd64658b79f08bec586e1a977c23c29339489373f84ab04df397f9352c2a7560b1bb1

Download Submit
\Users\Admin\AppData\Local\Temp\TGSETUP0.TMP\BOOT0409.DLL

Filesize
58KB

MD5
bdebc6ec15c17718a2465d52e5b49ea7

SHA1
2ff0fda712f319a7d24b99f483f36a0923af0991

SHA256
ed384856cd5819d1b954bf14a975e7be2ce03aa279d730cecb8994d9750419c5

SHA512
77cfadb55e1c50b65643ab90952f500bc9ad1f67f684d18183a19fc55630b697c017bb734c5cecff32a370a8be7ac38b31684a80062b99def641e9deecf2aebb

Download Submit
memory/2100-9-0x0000000000250000-0x0000000000264000-memory.dmp

Filesize
80KB

Download
memory/2100-14-0x0000000000400000-0x0000000000424000-memory.dmp

Filesize
144KB

Download