ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900

Analysis

max time kernel
118s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13-03-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
Size

18.0MB
MD5

694e030c0f81c5c9f7cdd509b2452ff8
SHA1

9bebd2a8d7f507aeb965f2ae1cec10c3292a0bfb
SHA256

ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900
SHA512

763d199bc931433cdc5a2bbd3853da8132ef5790c745d122549c66a90171bb0bfc5ed4dc5ea65233ca83d0bb7ae36ae0a6999cd2115dedd579853fdfd9a70d41
SSDEEP

393216:rIQArQSyy44nu4lH2UTAHy0JPP24jufJtdzQM036Z:erQSyy44nuwWUTcO4juGf36Z

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2508	autorun.exe

Loads dropped DLL 2 IoCs

pid	Process
2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
2508	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2508	autorun.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
2508	autorun.exe
2508	autorun.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28
PID 2008 wrote to memory of 2508	2008	ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe	28

C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe
"C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2008
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\ddf666feeef88ee16e416e1b5aa4b05f713ded3c7878f4ae810ba80758432900.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Audio\Telephon_2.ogg

Filesize
150KB

MD5
ce279d6ee8450374961c60924ea5eb50

SHA1
7c0de7269a0aa86b038e4725012ac66cda10ea3a

SHA256
4ff14f2ce69df353d215e56aa54beb09c644450e2d6b9ce55068b95de0a1d794

SHA512
75c9afc97110cd8b614d69cd0a68099218fb109ee0094543473ad5cf1fd3b19cc0377c426e147c7b2870c95d4e7e7f77ee6f35d12ba72d80e30d4b63c3a80a4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\0004-luna.btn

Filesize
3KB

MD5
285147a9684de9e00291c613cf8a5daa

SHA1
6a74c4bd2edd345ef7bc40e819e9602fbe4343db

SHA256
d273fd92c260dd69a1dedfe0f1075a193a3b4c74bc4e34a4de249f058bcf6a11

SHA512
8378c09ea38f6669d60bf173772c6e2b54cd1c14accfd2499f864c20d1eda1c486c5e697c7b1886767789b57218cb8f2f4d43babf8ff5d6818b6fb6fc20c9e84

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1042_0001.btn

Filesize
11KB

MD5
c225da8d05d9b6fc99fdfbdbc13dee0f

SHA1
6df43ec01fbd5558d192f1ed17e75f3f8f9a7ab1

SHA256
8ed92aa88f825fcc44bc57f4f51812c0ddba6054996d0273a753b7ae610f18d1

SHA512
e288e9bde61cc2d69d3ee2dcc3d150d77af268f743d5881fa0b65a4e3f8c839a180632dfe7fabba5081040af8f1fb8c88f2a6e258515dfb62f910ca57d390d0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\1042_0003.btn

Filesize
22KB

MD5
89b60456a43310f42c7fd225a63e0719

SHA1
152ea693717e7778a16a2385416c4d522dafce5c

SHA256
15172fd4074b84765dfba931983b38338760d6cf07c1d64274a82c0237cb2c42

SHA512
4667f7b0cf4a5c54c1fd1ff3c5aedd9f0efd0e8d26683f007063f6e76e8309f0c6553d79c6f67741427f8fa2c5affa6558990cf49b933536f3d5f66a6bc544e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\21616383_274383643079431_5391337216637019769_n.jpg

Filesize
40KB

MD5
64810bb1b3bf274ca706916257dab1dd

SHA1
590eb92f3b86ccc57642552e56168218f633e689

SHA256
2189860f24abba65cd302cdffa031926de51cf9e78e60cdedbfd863b8d7975a8

SHA512
ac88fd86776bd4cfe0ce0705ff3bdbf50aa0e8a7aa4ceab312cbedace6740d83cb0702a4478dcb77665502b4d17f5c77fbbd5ac98e8781de3772984951bf525c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Bar-Horizontal-006.png

Filesize
1KB

MD5
17e1aec21071b567921c447a85307a59

SHA1
415ae5698148170658ac4668f3fddacd0007c6cb

SHA256
1ce7481e3cebf47fedd8f673d07b3aae9f8d14e7dcad1d2314f39b675f269f50

SHA512
106d5ab28be2d5eb2ca4f74733b9a22ff3bba1e43113ef6df4cc47979f57492d7891341a44613d76eb2e68e4cc009e885644b8fe1a6f6f1c7d5cfd1b5c3cdbbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\Bar-Horizontal-008.png

Filesize
3KB

MD5
085bdf59a3ecd3045043c7dc0b9b3b3e

SHA1
b3cd7663841ccabac5647f6eafa8139e361c2bc7

SHA256
b5c18a13ed288982137631adc4ad5c1374c33536844411edc572b45f6e7e6092

SHA512
abd2f396e9a370b9687accf016efe71bb8cb14546f18b5db8a7784242c3874d434031595ba309d2e7fc246a7b79c837c2bf8f45f505ab259fe59c36ca42c57db

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\ÃÙ»ÇÔÇ´¹µÃÕ.jpg

Filesize
384KB

MD5
c39d48af0fcc79fe792fb71b72117db4

SHA1
6072676939a6d20621e422ef90823dc59a389412

SHA256
00b6a649c97091597b6126d4ecabd062c3296ea70f4271d92fccbbb374bf4d9a

SHA512
e671f3d98b29d6068222b94a614a7c0e03d2eecb60f7b6d5cfb68669af88b578ce25bd9a284bace89f0446054117706643054a515c509fd678af5fcef182bda7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
920KB

MD5
78ea8e1289fe9a924f925373f0b61a20

SHA1
05f85401142c11aa83238336b4a6547aa83a3305

SHA256
98fc930032705b2ea23d7e3bbccdaeeb395afb5e548dc84b424036b2147bdf4a

SHA512
8b4092b9a76297c075270ae8750aedcd4a56dd770009e48317ac3bbff967916209f1bc5331dcf91b88c557ecca46b1b30703c82e6be17a2d95d606a0c44677c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
344KB

MD5
a894fa99ac2bb461454da25255e861ce

SHA1
8845fedf1f7f11988b6ecac352c430470c113b49

SHA256
3a9cd7bdab3b702ed55786ef75852cc5fbee1ba27a9092d68532dd5394937905

SHA512
5ccc5290b8d157a4ea553b8261f01aade4250c711baafe1db2ae52b7bbd18e1a97abb5a5e9c61364daeddd2c1b22c227e680e1b4fbd91048ea8b09603af76bd7

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
201KB

MD5
f020ec110e1207e69f1ea45d482d8973

SHA1
719701eebb864f1c4dd01e90615b2d1dd0fd81fb

SHA256
656ae8d847d38463e6472e640b292460260bac078f15b7c68eb94ab1094a90a6

SHA512
5375b405eb6df00ae93d3967c6e8945c6f8c1fc5aac273ef67ab7ef261e7b9b6510759fcffc458d814e4d7e926991f74a9b5bae06394021725f373cec3e191f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
2.1MB

MD5
05ed9f4141048a3c71cdbea61c6a59e9

SHA1
a91cb2cf3a507092c7b33f61a3d1d78a4478be57

SHA256
eb6099b2e18ccd83a9abae102233e4aef9da4a5e7e05b228cb8fa3bc96eaea36

SHA512
7b580712a6891b10d2f7003040da4993d4de6de889de8aebf63a09b091f3696277d8c325e8d256d17259aad3b0a2a6c21475f0264ba0909594af1fe7526424f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\client.ico

Filesize
24KB

MD5
cf8b3038b5427008ee1d49762c230f86

SHA1
32aa3274eef2410cba5c92b48fcd44c493614c88

SHA256
2b1439096e7e2493d17ae837ce9bb484c1d288686ce63d83d867258bef138016

SHA512
42703c3c71fad31682fb23ee53ffb6a8ff0d27b9f122c8448e653fff82b5a7721227bf58ec8c3df5b7b00aba1eb4f540f5c5950836f461ef7bbe4b0b6c02797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
322KB

MD5
c3256800dce47c14acc83ccca4c3e2ac

SHA1
9d126818c66991dbc3813a65eddb88bbcf77f30a

SHA256
f26f4f66022acc96d0319c09814ebeda60f4ab96b63b6262045dc786dc7c5866

SHA512
6865a98ad8a6bd02d1ba35a28b36b6306af393f5e9ad767cd6da027bb021f7399d629423f510c44436ac3e4603b6c606493edf8b14d21fabf3eab16d37bd0d25

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
1.4MB

MD5
82f8b20605899ce178eb3b4bcda258b6

SHA1
69b5cb40380a55cbd008a30177dedb6f40cff77a

SHA256
ed2e68f67bc374ee7e0740173bc1c53bf8bce2e8f616491cfc0e7e19e050dd08

SHA512
144300c82f21620dfdedb938d5e28e8d7ec14d1becadfffa844b8a173b490118b259466965fba075d907c5bbe055b1da5ba840752cc650972072973b826ae72c

Download Submit