14cf777abeedcd9f116f1aeb6362c8d0abb004f4eeb3f28e6e47280519637b2c

Analysis

max time kernel
142s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 17:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sign.exe
Size

15.9MB
MD5

4f63aebfcbeeb6a580e13bd81d4c8a19
SHA1

00143c99571ec2cdef358a19215acc49e92488bd
SHA256

bb4a96deea854f3a23aa87497b76a2bcba165c7d3b60617dc2b222a6475235d5
SHA512

406d40fbe820ebd924064e7043f7cd817fc047ccbddcec79c848489f027b865c324051500e961a21400dc57a2e37655a52afc2b59db9c8fd291068f2743152e5
SSDEEP

393216:65crRz8IBR1bKCHGuUVLIRfiXbVqRelD:PVzfRlzHTgLq2VMU

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2084	sign.exe
2084	sign.exe
2084	sign.exe
2084	sign.exe

C:\Users\Admin\AppData\Local\Temp\sign.exe
"C:\Users\Admin\AppData\Local\Temp\sign.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EInvoice.blt

Filesize
512B

MD5
7df3e7f582228a72ac26744c80fc5f90

SHA1
03b52cb4962e69c3fc0ad47db1a676d463ea090c

SHA256
dcd22183888779174553cdc257d24d6d9f354f8003ad6d064527faa2871db60c

SHA512
2a1dd6f7b35749e6af3476338c6957d5eeb1c6950926ba99948c1d2fd495252a97de2c63221e535eb43843a6938571d7dd23e1b1f75a883b904271245fb2a44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\EInvoice.ibk

Filesize
28KB

MD5
269b45a27ffad49047f26e279abd0cf6

SHA1
ba95e308b1972af2de688ddd4687276782395625

SHA256
e534686fe8c6f55d183802eb0cda2ab512f14cf42dbd449e317785c046b899d9

SHA512
758c9f3fe9832a4cabddc26f77957027be48889ff0244dac91d610c2a6fc144f8ed43354ceee78bf1771bad5e8e0f88e91504fe5439cfb7cd6d76dbcaa3a0473

Download Submit
C:\Users\Admin\AppData\Local\Temp\EInvoice.idt

Filesize
28KB

MD5
467f77c16ac7d42c26c657fad557e204

SHA1
1e1ec3176af201e8052d723342ba1fb3b4bb30f5

SHA256
b6fec76634d486e084ef39b2491b9740cf0a5249d622aa2550754169819873b2

SHA512
e563f25432b8a53140a6e23e894a7716853a63718863425508f55a23f8a79652539c2dd82691f2e73e0fc951a18844340609d7120f0ee6bd5d3f3423b19109b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\EInvoiceMonthNotificationDetails.ibk

Filesize
28KB

MD5
eab6ccdac7bfef804455b1766adba61a

SHA1
57ff8d5288a82309034b5389f34e43b17960f761

SHA256
cc4adca3dfbf9067389d65b551b5388271d0e2d04045800f21df6195a3bee5db

SHA512
977f5e115e0f0ff8457dcdcd43cd0011d70c570482df8ebdd5edab373fd42e15ca1ae05c267e1823151f4e9e994e60b24c24da4aeddeca85548017e3fe1c9240

Download Submit
C:\Users\Admin\AppData\Local\Temp\signoptions.ini

Filesize
383B

MD5
70673f5bc61d79295a1b271d90546b00

SHA1
8b42af24701c0bf0b8002b2f93eec1af1aacfd39

SHA256
3a0b57fe08524b3856db06d397e5d7614056f5a96f671e6e850a6b1dd3697266

SHA512
29f2b92ffa84b69567fce742d95d714d861ac7723267b76227ef2dc32d5ed68bb25e3274cc3b3b84054d591c4cbb7560c0970029ec72d18c9ecaae3c1410372d

Download Submit
memory/2084-0-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2084-61-0x000000000CD00000-0x000000000CD01000-memory.dmp

Filesize
4KB

Download
memory/2084-62-0x0000000000400000-0x00000000049C7000-memory.dmp

Filesize
69.8MB

Download
memory/2084-64-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/2084-65-0x000000000CD00000-0x000000000CD01000-memory.dmp

Filesize
4KB

Download