Analysis

  • max time kernel: 140s
  • max time network: 124s
  • platform: windows7_x64
  • resource: win7-20240220-en
  • resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
  • submitted: 19/03/2024, 18:46

General

  • Target: 2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe
  • Size: 359KB
  • MD5: c8cafbcd86fb5fa3c657523005020aff
  • SHA1: 9a81678a4a71688868ed8af2f4d0921882dba9d5
  • SHA256: 2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff
  • SHA512: 06c88fdb8e84a88aaddda6c46342276bcb73c9b2a64e5acf0fc3daab58f96d92090477b681bc002d0370bbb05a81c2f2eb874f1296de8d38a5e14ffbf8ceccf2
  • SSDEEP: 6144:ztvBPnU1b7e9SQii1EkoNlhlrQ2ZrM2xQcSGemVd7bI:Zv1nWdQP1EDhZPxQlmT7s

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Program Files directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe
    "C:\Users\Admin\AppData\Local\Temp\2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:2284
    • C:\Program Files (x86)\Microsoft Build\Isass.exe
      "C:\Program Files (x86)\Microsoft Build\Isass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:2300
    • C:\Users\Admin\AppData\Local\Temp\AK_2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe
      "C:\Users\Admin\AppData\Local\Temp\AK_2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe"
      2⤵
      • Executes dropped EXE
      PID:2736

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\AK_2c4b9526560dc6da89a37bcec2eef6e0a23cc90028ae77dcaf8344138743bfff.exe
          Filesize: 142KB
          MD5: 81a7c181639679983efb07c2dea2ebd0
          SHA1: 93370e8e5cb0d89bf6786445f94dd02dbb84b574
          SHA256: 8320c7f90f65b48e4031b680506a9579751789ded4d90fa2fbfc2fb7db7e3ec8
          SHA512: 599cca13e527c92cdf88df06ed8a01eee1bc602c565ab69e251f7414e19833ce42f0453771bfdf27d16f9f70112835b599d26a6ed92901fdf86bbdf8adf4d2f7

        • \Program Files (x86)\Microsoft Build\Isass.exe
          Filesize: 213KB
          MD5: 58f9e911b4f1ba7c52787e8403734643
          SHA1: 4a912d75be4d67c735643048293e9736c41926c1
          SHA256: d2da6cdb0749963a805bff0b6fc85d028f70ca25d2673549552af06bc35bb3a8
          SHA512: 4c325e42e4c70120f57f49e7f08a29f38a2cb906375ec23e855f9cae6363cdcc7340cc6b3e1ab2b6d293ec0bc877d6dc86783ecaf255cdef7cea3768bc7ee433

        • memory/2284-9-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2284-16-0x0000000004330000-0x00000000055D7000-memory.dmp (Filesize: 18.7MB)
        • memory/2284-14-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-25-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-29-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-44-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-37-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-36-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-35-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-24-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-18-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-26-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-27-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-28-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-19-0x0000000000220000-0x0000000000221000-memory.dmp (Filesize: 4KB)
        • memory/2300-30-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-31-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-32-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-33-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2300-34-0x0000000000400000-0x00000000016A7000-memory.dmp (Filesize: 18.7MB)
        • memory/2736-23-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp (Filesize: 9.9MB)
        • memory/2736-22-0x000000001AA50000-0x000000001AAD0000-memory.dmp (Filesize: 512KB)
        • memory/2736-21-0x000007FEF5150000-0x000007FEF5B3C000-memory.dmp (Filesize: 9.9MB)
        • memory/2736-20-0x0000000000970000-0x0000000000998000-memory.dmp (Filesize: 160KB)