Overview

overview

7

Static

static

3

c8af933956...eb.exe

windows7-x64

7

c8af933956...eb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    121s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-03-2024 13:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c8af93395670a0888d6adb9b17db78eb.exe

  • Size

    7.4MB

  • MD5

    c8af93395670a0888d6adb9b17db78eb

  • SHA1

    999998a98931e8b5ab89ccb40a2e242402b04883

  • SHA256

    29b15e8d7d728c48f7da14ec6d689f5994654e24194ad4b9d8cdf9bd6874fd7c

  • SHA512

    cc02a094d6542ba481a398832558bb9ee70aee0526adaa356e73b25ea5ce31449c88b4fad1ddbf640db72185da3cf7eebe1f1d9a3580c00482d5df688f537c1b

  • SSDEEP

    196608:L8Pe5j/ITFFTqG/db3yLdX8GQ/yOe3KlUrsHS90eq1L:Lge5j/MB7yuArOeq1L

Score
7/10
discovery

Malware Config

Signatures

  • Loads dropped DLL 6 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c8af93395670a0888d6adb9b17db78eb.exe
    "C:\Users\Admin\AppData\Local\Temp\c8af93395670a0888d6adb9b17db78eb.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2208
    • C:\Users\Admin\AppData\Local\Temp\c8af93395670a0888d6adb9b17db78eb.exe
      -deleter
      2⤵
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3068

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\isp5E3B.tmp\IGdi.dll
    Filesize

    184KB

    MD5

    298c79ac2f609736788cc7cacdeeef32

    SHA1

    1cce1dcc23a941e650edfeaa7de59327fa452ba2

    SHA256

    63671696aa87c0862e6381bc759116cd377c5331ab50ae6d05ba7cd29cf02580

    SHA512

    29fc496780a4fdac6a8c4af6b737973019e3087b5d3d8fe8625d4ce1de88e437eea0254d8900934846c6519ce0bffbcddfe1aa01cf5736b47dba58f06071fe23

    Download Submit

  • C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
    Filesize

    304KB

    MD5

    369ecaca6c59265f47d234da8faab871

    SHA1

    162bf1cb2d201766e4f0fa52dbeddd603eca9a21

    SHA256

    ad010c642f2bb264c69c153dcde78daa0bbf4699155f22e16641bba82158e7b1

    SHA512

    3430ccc7c78633c860c29778a0b854d5acf52b65283e88f18cad51796ece59cee1b2b040ffebd50a6ea52d2ce88836a06c136b92d7efc97e75ce8989d7571392

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\bye5C53.tmp\Disk1\setup.ibt
    Filesize

    425KB

    MD5

    0fcd29b249c145bab33f24c8341dd0a3

    SHA1

    375d97a6c23974da0f73db806533bc3205676ec0

    SHA256

    8af43e8f489b166177d6820783f55d32911baed67378e5542ee0a3e3c51ec4bc

    SHA512

    57c5c61be9c2105dcc6da9830b527cb0acd83f04faab418df603874a3b682cd33148b3092ad8eb0b9ca91aa011278a5576aac62aa4074ebb4759928892091e55

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\iss5C73.tmp\setup.ini
    Filesize

    495B

    MD5

    c1a2b47832c41e3013a63aa095e889af

    SHA1

    c84d9af84dc6c51be85d9446f5b23d4605e8379e

    SHA256

    ea2f29dcb221ed23ee155e3336d01c71630dcac983208a90bf6cbfc19dc68515

    SHA512

    bf02456c66af34808d5f3607ed57707b524ebcaac92ae91cd73c70ea5243f694c4eb7aedf5b1cf5a890d7d9cf5ef717f3d52645c22a3699985389b5b23f00efe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\skin5f01.rra
    Filesize

    16KB

    MD5

    ad4695c916e1610ced05e6c9a34f45d2

    SHA1

    e0053ffa31732e131b4a3d81204d93b953443785

    SHA256

    d12f20294bfae4b572b71cbbb2f6d553b21982c90495fbf69833556b1790d949

    SHA512

    ff44b05c6bb53ae34431e6623a2c2e52d85984b33c7650269b35317822b860c9a38ba0a0f2154396b81811dabae9d2b3d32669ce87c7e87695e3633292a06eea

    Download Submit

  • \Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKe68C9.tmp
    Filesize

    712KB

    MD5

    1ea0c41b4f2f0e807700f9a72d99ac05

    SHA1

    65c693fd17be74d1c8dfeadd591f3c3408ae321c

    SHA256

    cb29c9091d22a94e1aa72a6f2a83e01013e5148d8dcfba8c90d2cdbd6d9b6e48

    SHA512

    3f4e80bd8d3808fb76acef835c70cc00503acf38f13d3cec54bbf9cf87343a4c1d148a146fa432ca884eaf3c327e199c17432c91f6d6424fb3c17890255feda3

    Download Submit

  • \Users\Admin\AppData\Local\Temp\isp5E3A.tmp\_Setup.dll
    Filesize

    360KB

    MD5

    32fa757c64fb62f07f3205016656a0a7

    SHA1

    78c7d2f00878e2efa591a6e3ac80edab8242473b

    SHA256

    ff6944c00f11ab10cc9bcbfe4f6f0cbab088b52448904282a695eea56787d82a

    SHA512

    d87aef916ce072f16b6ca5978a424f2dc648d880241651019e6f21377834fdbba8dd424b002db373888840b358e13122c87e3db51a7bde6cdb1509fe74ac647a

    Download Submit

  • memory/3068-100-0x0000000000A80000-0x0000000000AB0000-memory.dmp

    Filesize

    192KB

    Download