eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93

Analysis

max time kernel
118s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
25/03/2024, 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe
Size

9.6MB
MD5

e06429917939f835a787155befa4d5c7
SHA1

3cf7021f659046ca4cadac4ec80659b8de8a4f1c
SHA256

eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93
SHA512

5e2f05074d0efb4b6923776e524a959294015c27e4b8d38802a5d826e5f624c6796d73ce8690dc70c0ae954e29c237eed89dcb1a960bba14a481f5500b52904c
SSDEEP

196608:uLkq/+p4VDnpZfZKzpP/D0KprR1dLfzr2oOLck7XPOBZ3nwjeiqkXBshcv:ow49TAz9fBdLn2oUck7XPENnwjeKXtv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	autorun.exe

Loads dropped DLL 2 IoCs

pid	Process
2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe
2928	autorun.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2928	autorun.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe
2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe
2928	autorun.exe
2928	autorun.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28
PID 2956 wrote to memory of 2928	2956	eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe	28

C:\Users\Admin\AppData\Local\Temp\eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe
"C:\Users\Admin\AppData\Local\Temp\eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2956
- C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe
  "C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe" "SFXSOURCE:C:\Users\Admin\AppData\Local\Temp\eb05bad8b0e397dca98bb0ac869923a544c0af18e1dd688fc540ca8ab5d5db93.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\10_1339.Btn

Filesize
10KB

MD5
ff0f7e75e01bbc7893ba284707b14339

SHA1
2970d617585059a6db37ffe033e538dc5a3a2e39

SHA256
3b4e90c7179dfb8595659bc92f46653040106505ea868310989a7f66331fc457

SHA512
d074c9da4eb162981a89d1b493d41170d5bb876f91cc4118f4525ae909e7f737e6a68e79f05c5efa0f76e0d1c2b94a8d3fc1120abc81a137e1f1d885c480eefb

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Kapat.Btn

Filesize
5KB

MD5
5d71b5433ad775244ee80f656e887153

SHA1
934a6e503fbce689100b441088f5e673a367f4d7

SHA256
4602bedf773f6814fb34e58e1d2f1d91acdade4d7803ea38b2ec0df23e709780

SHA512
79809e515df8ba91e38a52dd9ffb1d1506c69ec248f9161f97a570c80553404d2744686597be7b1e2ab0f9d6466170f126fd54149898e2febb98b686370a53e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Buttons\Kucult-1.Btn

Filesize
3KB

MD5
d564a841bb23d31dc3c762c791a08584

SHA1
eca0ed0c84211978836a5105ac28adec44eb8a08

SHA256
4f8859961a7fccf601474e439dc82c0fdb8cae9b946dfac674af8ed4083fd253

SHA512
2295d94ce03cdb75b197a3af7dc14beac333e948e6a77c24f5b8be19241dd032635d3e34c2d060b4106ef78893321a516d743ffdb13f62e0c0f0dc6e3dc43088

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Icons\as.ico

Filesize
97KB

MD5
e40de79712f7c314f578bc87773c2c95

SHA1
5a42215e9fb51f248a3b7fbe100a1a632287e9e2

SHA256
79c8330722ff53323e8fc3996957288a58d4e821f0d3acfc88f8f4fe164cd30f

SHA512
efd8eb54222b078c2e294c0b49cbe068b2912f2dc92032269f716a63d1284ada1de2e9be75591535448d97e62f6b4d8ca9d7eaa20904eb978202293ca5ef5cf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\1310750598_icontexto-inside-blogger.png

Filesize
10KB

MD5
0b091580c86d3d5b2d5a90369f355bb5

SHA1
a8ffd7d6463060e96fb0f06e5a06d057a95acc0e

SHA256
a32278461c0d4f7f97c3cfc0260537fe68842006b3fe082b55211f2dce62edf1

SHA512
173b75986b1361b2c1ca536f28fa827cb938291907b9129901d96d49fc79f9746574d73d1b8ee06e73420ebd51081a8a2a8bd6656e11a8ec6fb3ef936a38c11b

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\1310750624_icontexto-inside-facebook.png

Filesize
11KB

MD5
398a409a3e847066006e99c2f0ab0dcf

SHA1
5cad39501e102a34439b454c546eb69697caee00

SHA256
0e06f55776d0cf134333044b8f0c432066da780970d338fa4dbda38a675c1dc8

SHA512
bb88130429267f83c9a37cd157eaa22686930aa2d4df7dd97e1ca52ecbcf764062ebfa94829cac83dc64d7fbce2b645f500f9e571ff7529690c3a2f6de3fff7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\1_1.png

Filesize
29KB

MD5
bd435cec198c6722d17fd1222f2d1e71

SHA1
c6bc46c3d5db3f00503c366efe28ea18480a0db4

SHA256
411d608d8ef27ab6314737b6a445f4e3f93e83523b4514362ba5e9391c6d1635

SHA512
72ccb436da061ecf88171b566c30938aca65d509b98f06b3b60d21b515f5b93dd42f95831c56fdd1a5abf09599037fb79f62098bbe9ba88172ae7c46523859ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\1_3.png

Filesize
11KB

MD5
eb984435a1efe1c308601ce5b15caa33

SHA1
d37f1b3ffbe44ba0cf1171dae72712824ce0ea6e

SHA256
23db073544fcf1e017e76fadeb1475a772d7f5f991a9a324c928ce6dbf743db6

SHA512
376de11bb41dc9c62964741359d2e4ad62ead510aa1a758c0ee78a7bd10b636bdcc16e12685e96cfce2f6c421796c13efd6dfde533eaef1f8c840bb85cf7be79

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\5_2.png

Filesize
129KB

MD5
da14b011a79950deea89d768f7d8497a

SHA1
ac3b6693b12ea63556e1ad991b775ee3c87d4d33

SHA256
be323ac2506b8f782a3bdbb560571ee786cce5e49a91157a90ff6b661f295ecb

SHA512
af3c1af0e9e79ae1e5f842033fcdcc00fae735655221977f3cb1300add4c5be91f113503be7d8e347116afb788400477fafd9454cf13ac819c34a3b47c568e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\5_4.png

Filesize
11KB

MD5
9fe9cfc673c2a8dd69f816e6bd687480

SHA1
2b0185295c0dc09838f25a253cc845eb5808eff9

SHA256
ffb009a74977d609b7da46379ce870eeda3a525fe13b080e4d25a0356add95ad

SHA512
cc3cffd19391c60e165a9849ef8fd1d2807b9daf54506bc72878f577be0d33f9cb0b8a9fe894ca9950d74e3d89ee2fbe0840a8fda6064a4c8e2991125da3fbab

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\bn_1.png

Filesize
7KB

MD5
9ea8db4c691b6f332084228cd239c8ba

SHA1
aa76ed6644e8736f7066bf882ff0f79c636b4219

SHA256
d56c933199c623a70f9649b9ad9b5b593558d6692e0e93a3d053615f144d3ee2

SHA512
879c4549567e0a6e5ef805f7cd833b2224f12a5d41ac1b6cfa5826ab1ed5ad1ac4f81fcb59a7a65cb9fe485658804573e595f3149f5d57b19f4cd3fd09d31b69

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\logo_1.png

Filesize
96KB

MD5
a892344b432ea652e4b6f7e97a4b543d

SHA1
6cc803a61908c2b4be4c50df67183fcd520fee68

SHA256
18993e43851fb0b0c310310a78db3660dd5b4daa57bf6493b185141c3fae3174

SHA512
b1c28dfd4faeba9f120b978dac3dd9211d21384ccfbbd6c3b15bb8cb3625134945b5f626514f13af4129ace1ff7eef2491dc736ff32c918dd14fe4c24cee42c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\logo_cityville.png

Filesize
24KB

MD5
205576471eab48a523418ad86ea80185

SHA1
9b77b288eea260d29f57f472d2ba5df26e58dfe7

SHA256
f1bcab739f5ffeb4c359914fa8414e74a2f93eb266748f9d841185cc5445c3d0

SHA512
5c42c59667c2fa2e369d8ec4a3831e1dc772e4e1c745f386562b83aaf79144365ced210d22923f21b5fd46e5f46174ddf83a1342ac96e181577629c7860aa5ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\Images\me-gusta-facebook.gif

Filesize
9KB

MD5
c2e72e015e1aea51f100cfb8a160f4c6

SHA1
42c3de8134ceb00443dcf38a9fd95c19a1441450

SHA256
6ac8ff9b30b381523912621290c6dc332aaf81f290827b397f639da13b5a31eb

SHA512
0b76d6e70277c12c3c369ed7371a936bbc26ab0424f6da46d70f19553b8406ae70d51ac616f8eeca557b2086ae3d72b680994fb1e99586a2b24b7a00499ebdca

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\AutoPlay\autorun.cdd

Filesize
1.0MB

MD5
16ed3ac13d8a1d90328e925f999621b4

SHA1
61418ac0189a1c9d8c81d616a17d07fdb2ec8227

SHA256
8be15ab93e9876849887ac583a7d473dcbb5529aace42ab96c0fc08e7d6a3823

SHA512
f8d870b0e315e68b47d015ecbf8ebdf6d3d276de9fac9b4bfc2b6ec8c083a860306c8f7127f5e6b43a7fa8e5e197b762802ec37a2eafcf313d6c1332153947b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
5.9MB

MD5
ab6f687791057c1be6d0bb69edee3530

SHA1
37f8e3a64b62053e604d87bfd8fa19e87b3e2a80

SHA256
cc324268989de92f350c12db887e05fc7f74cc311575030c81b3b45c481358f9

SHA512
2ebfef3deb6a190fd4fd63001857db68bbdbce178515ad83531f094dfb99d51a31e5d1187fd2547350a33e1d45e876d7231ee73c9a2764b34f029787f89e6570

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
4.4MB

MD5
82205fcfef1accc8a8fe109b3419a0fc

SHA1
0ce4cecde95ab5ca3618e24b4d4ba5c357753705

SHA256
63f14bdcdb6309583c4be73cc3edcae571c6b664a2da345409c88d6b845bbd42

SHA512
fda64ad435f606cb18752c0318a073d9849caa4dc56de08fe51d15341972deb653de5967ba4b9a4213c2474b3450873fa2d0777d7abd8d90f71700474169159a

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
1.4MB

MD5
15bfd17484dfee82a7edd223f3051030

SHA1
9982e3df16b926e0a01f45bf00dd24d1b9ea0074

SHA256
cec384eb7ae68f6a5f27179768acce1011151c726d176bf033161c04ec9668b5

SHA512
697fb3f1617cbb12949b784ac4328e502b8689360e1c75231cc35625a890ad97d2a39540b86c944f74d95c3e554721cc5eb599eed28718f090bdae649de2f476

Download Submit
C:\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\lua5.1.dll

Filesize
318KB

MD5
833f004c5da3d31d078fae67323f90bf

SHA1
43c5b356084d30b2cd30c835939eea28e1018b2e

SHA256
1f7aae6b6fd013d1246dfa47168b24a78df3f98cda36f390e227abb5093ef30c

SHA512
f9cecdf175f275c6a2b43437b2327282cae225119eef9512ae633a4faf742c9901c6e319027bfed60c1e475e642ea8686410550ab81b355437ffa80aa684cec4

Download Submit
\Users\Admin\AppData\Local\Temp\ir_ext_temp_0\autorun.exe

Filesize
6.6MB

MD5
15c139bf3b278c6c03f65b989f8cc269

SHA1
3e499ff90ed0b8ead76ef60f9ba8b027bdee8951

SHA256
e3e0b6541077f9d6f22729a38ecee43aa19de8b47e9f5d8f7c74216e5a240748

SHA512
e0ddbe9be08c194b33f949dc17b9e3c62827731910f4102a48428fa6d8805a214400d267739eec41e7cb088cbfe207dddaba76959699db59c4ce2b86cc7be478

Download Submit