8fc3b1fa5ecb087e05099a67e7b39a8b452830b2e36c50a1c2c5f179c74e5402

Resubmissions

14/03/2024, 22:37

240314-2js8asbc83 7

14/03/2024, 22:36

14/03/2024, 22:34

14/03/2024, 22:29

14/03/2024, 22:22

Analysis

max time kernel
58s
max time network
24s
platform
windows7_x64
resource
win7-20240221-de
resource tags

arch:x64arch:x86image:win7-20240221-delocale:de-deos:windows7-x64systemwindows
submitted
14/03/2024, 22:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sscserviceutilitiy_4.30.exe
Size

967KB
MD5

51fe74106def0860fa5c15f5711fe298
SHA1

4df1243bf6ad0c3e0043eadfca7458c20721e1a8
SHA256

5707312fd6972376c62ce4703e87c349ea40d527a64d58a5d2cbe060c19b558e
SHA512

40527d0671162a690fdec49004c7127519ebb00a38f3baa778a1faf2a8d19c8b4a96ff539541f9da8db14d1d24e6fd3ef4fcec5aef36a93b4fde843ac2ae9538
SSDEEP

12288:EVcSgU/RWy1jHJaKVvip+u7hK0f55R2MES/X5qX2uUFEVBxmh7KK/cUr8P5oQ:EVHZr1jJasaKKTwX2KfI/nQP5x

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2700	INSF6CD.tmp
1332	ssc_serv.exe

Loads dropped DLL 10 IoCs

pid	Process
1732	sscserviceutilitiy_4.30.exe
2700	INSF6CD.tmp
2700	INSF6CD.tmp
2700	INSF6CD.tmp
2700	INSF6CD.tmp
2700	INSF6CD.tmp
2700	INSF6CD.tmp
1332	ssc_serv.exe
1332	ssc_serv.exe
1332	ssc_serv.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 6 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\SSC Service Utility\is-47SO3.tmp	INSF6CD.tmp
File created	C:\Program Files (x86)\SSC Service Utility\is-0CRLM.tmp	INSF6CD.tmp
File opened for modification	C:\Program Files (x86)\SSC Service Utility\unins000.dat	INSF6CD.tmp
File created	C:\Program Files (x86)\SSC Service Utility\unins000.dat	INSF6CD.tmp
File created	C:\Program Files (x86)\SSC Service Utility\is-DB8HS.tmp	INSF6CD.tmp
File created	C:\Program Files (x86)\SSC Service Utility\is-1QBR1.tmp	INSF6CD.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 14 IoCs

description	pid	Process	procid_target
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 1732 wrote to memory of 2700	1732	sscserviceutilitiy_4.30.exe	30
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32
PID 2700 wrote to memory of 1332	2700	INSF6CD.tmp	32

C:\Users\Admin\AppData\Local\Temp\sscserviceutilitiy_4.30.exe
"C:\Users\Admin\AppData\Local\Temp\sscserviceutilitiy_4.30.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1732
- C:\Users\Admin\AppData\Local\Temp\INSF6CD.tmp
  C:\Users\Admin\AppData\Local\Temp\INSF6CD.tmp /SL3 $80130 C:\Users\Admin\AppData\Local\Temp\sscserviceutilitiy_4.30.exe 982896 986310 61952
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of WriteProcessMemory
  PID:2700
- - C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
    "C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe

Filesize
384KB

MD5
43fb6acee2a100446838ce1a20d23784

SHA1
55e04c321ccde68cc2481c90f156a3f80bfb0891

SHA256
e2ff3513ea458bc163b5be6253310277a525673cb3566e9dc0a338e177a4059e

SHA512
4ea748adeda2421e786c3a2f2fdba7c77fafb7947a0adf57fba687981ba4e6e7b1228821eed19b339afdef90f0cb5aa5707e439690738b4eaccbbf5c03636f1d

Download Submit
C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe

Filesize
146KB

MD5
8749ea8a0a1211e693fb8fd7cbf9799e

SHA1
66ef205dbd436ae367949686171973c883222936

SHA256
a984c618099e242701f67c864a75caa91b13a77ca9ad5a3b29a3b23da69b4e91

SHA512
fd2e98e1c63303847a095afd8cbd0ca068c02e0e45e016a97b4827f5d2257b6e91e4348b4b91c5cc22a2361c0268ff1710bc6e150e7aa03f0607f92daa68aec5

Download Submit
\Program Files (x86)\SSC Service Utility\ssc_serv.exe

Filesize
650KB

MD5
5ac9d06768d112a1377f2e6161ad17b0

SHA1
4a302a62ba4c54d607ee84ccbef6634188eda528

SHA256
a3661e20714e1446ec618d3d091507510eccf046f8205f89a943b1b76a8af7c4

SHA512
a5b5766afbe7e014a65a6f55f1a0989a4a962ab080aed03cf2d0e4395ea38860d77b9392b5241906775e7b94723b4352d04d5ea3a71856f599680d9246037b65

Download Submit
\Program Files (x86)\SSC Service Utility\ssc_serv.exe

Filesize
128KB

MD5
b1c14bf259d1f8867a97cb3340076399

SHA1
350f7c638e6cf81edfe3aee1ecf6a52f2ffd8d61

SHA256
a5b40f2c99587ca92a3368d06b8e06f2c3ef3e1ddf1cecc614f04c3bc4ddc311

SHA512
30fc4efd5292eb8d2291672b34c0a62ad0fbc44b96301d0af9409ea029cf7766fb562bb4b5cbddff471fa5df31f6210ba1d7fde964b03fa014ef566873a74cf7

Download Submit
\Program Files (x86)\SSC Service Utility\ssc_serv.exe

Filesize
68KB

MD5
24e23acab47a7e33c1b95a60325b6fa0

SHA1
ff3d109ca52241619679ebfb717d9c0ee1ac48bb

SHA256
7d9a35460f7b9e1f33f6a5b799a3ae8f290991cd04548174dd5a49fcfa9e5f0e

SHA512
c687c5269e17948bc391ec08abbba3f9a6f2924a7b4d8fe75cedef513d61e9f8ead1f169cbe98e4ef7f9001c1318130ba6d7a9431025ce4122ba50c6c32ee0e3

Download Submit
\Users\Admin\AppData\Local\Temp\INSF6CD.tmp

Filesize
377KB

MD5
ec2a3559ef793d976d3f72252ade0b68

SHA1
1673ad41b3683d9fde4e331ef97711af05c4c014

SHA256
995ca25e8ac883429e67e2985887c2dc122e4d3cca48d6ab5b545e6a896ae2e1

SHA512
a9f77b1735eb88e3ed790a0bb00637a616c33414cbb6f0b582322759a3bea3bf2fd7a334f92c17dd9f1669acdacc7551611ecedb80c11e999ddd120f104355b1

Download Submit
\Users\Admin\AppData\Local\Temp\is-K4HQS.tmp\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
memory/1332-58-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1332-56-0x0000000000240000-0x0000000000383000-memory.dmp

Filesize
1.3MB

Download
memory/1332-59-0x0000000000320000-0x000000000037A000-memory.dmp

Filesize
360KB

Download
memory/1332-53-0x0000000000400000-0x0000000000543000-memory.dmp

Filesize
1.3MB

Download
memory/1332-54-0x0000000003260000-0x0000000003262000-memory.dmp

Filesize
8KB

Download
memory/1332-57-0x0000000000240000-0x0000000000383000-memory.dmp

Filesize
1.3MB

Download
memory/1332-55-0x0000000003250000-0x0000000003252000-memory.dmp

Filesize
8KB

Download
memory/1732-0-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1732-60-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/1732-14-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/2700-48-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download
memory/2700-47-0x0000000003810000-0x0000000003953000-memory.dmp

Filesize
1.3MB

Download
memory/2700-45-0x0000000003810000-0x0000000003953000-memory.dmp

Filesize
1.3MB

Download
memory/2700-37-0x0000000003810000-0x0000000003820000-memory.dmp

Filesize
64KB

Download
memory/2700-28-0x0000000003750000-0x0000000003760000-memory.dmp

Filesize
64KB

Download
memory/2700-16-0x0000000000400000-0x000000000046A000-memory.dmp

Filesize
424KB

Download