94ab177cc62af8c0fa1d2a0be6575db5bde69a52d126293e6a7fe5c01607597d

Resubmissions

03-04-2024 06:43

240403-hg5c1aag74 10

03-04-2024 06:32

240403-ha5eesab6y 10

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
03-04-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

!!@NeW_$etUp_2024_pAsSW0rds$_.exe
Size

13.7MB
MD5

b1cb85d0689f64c6373345fc6b084f5f
SHA1

9901c71cf849f77161732f1ab9631b111fd00753
SHA256

94ab177cc62af8c0fa1d2a0be6575db5bde69a52d126293e6a7fe5c01607597d
SHA512

3a2751b43a725fa436907156f3976a93eaebbcaa93eb3118f35ceb7268cd9f3a5037f8b02216dde58fdf6e766a728fbf8db5668f67dd3225342e1411e83f2f51
SSDEEP

393216:uPUByGBdf6xy5DEs5Rr7+EVrwRGJvxPjVHs+i2sUC8RS:uPkyGBdIy5DIEqY3M3T

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

setup.exe

pid process

2648 setup.exe

pid	process
2648	setup.exe

Loads dropped DLL 11 IoCs

Processes:

!!@NeW_$etUp_2024_pAsSW0rds$_.exesetup.exe

pid	process
2204	!!@NeW_$etUp_2024_pAsSW0rds$_.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe
2648	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

!!@NeW_$etUp_2024_pAsSW0rds$_.exe

description	pid	process	target process
PID 2204 wrote to memory of 2648	2204	!!@NeW_$etUp_2024_pAsSW0rds$_.exe	setup.exe
PID 2204 wrote to memory of 2648	2204	!!@NeW_$etUp_2024_pAsSW0rds$_.exe	setup.exe
PID 2204 wrote to memory of 2648	2204	!!@NeW_$etUp_2024_pAsSW0rds$_.exe	setup.exe

C:\Users\Admin\AppData\Local\Temp\!!@NeW_$etUp_2024_pAsSW0rds$_.exe
"C:\Users\Admin\AppData\Local\Temp\!!@NeW_$etUp_2024_pAsSW0rds$_.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2204

C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2648

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Multimedia.dll

Filesize
716KB

MD5
a753b28600d26383401429a8641e145b

SHA1
057d76b836ad68602e9d03adfcf6fb002f5b73b5

SHA256
d6cd0a48b2b32f47fcd439b55769748b529149fbd1901f6c4759b263cea22216

SHA512
3bf3eadd96259f72d5f4152cb81da35decce77282cb6dc9a9277cbf60a31f47ecc9a571af85baec013b99af5b9edfc0ceaed5fab70282d7554991a6650478de5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5WinExtras.dll

Filesize
282KB

MD5
3fb65e97206482138ae1093252c94021

SHA1
e6a1bea7ecd7d654b8160c60f673723669091953

SHA256
6c38c5fcc054c2344a5afcd4f92e4a2c4cc7d73c0b4f5087d037eee371862a29

SHA512
5c8c23a9e1c4546f2320277e3f9d1f9efae1e5f374d3d841c2964ff0d16897906c1d4c156648d3a7b885026279a4a1e4035944b0cb621f860431d6d65cc38e01

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\mommy.eps

Filesize
763KB

MD5
42d65f158858ae97401a478dbb024602

SHA1
370adef8e6863243db5e4a17b581dd391a465792

SHA256
ddfe3cfbbed68c40b80b5648dd3aa7e6e7cbcddfa5e96b64a287d9d1afdc2ede

SHA512
76f2b20c0d47b61c36dda3c53977dab512686882451ffb2437fd0ff0af196ae1946ba0af6a0a71759cacd3054f6a80da12f2c5b1b662986b4d93efb6486b7e44

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Core.dll

Filesize
5.8MB

MD5
a69021f31874d4aefec8c3a2bedd4437

SHA1
aff85d5df7a4e69303f579b9a5a2ae82e14f3af6

SHA256
dc68a1446e829afa5c7e33f4dd2233e096a492bdf3a82eb0eeacfafb69bdecbf

SHA512
63fff0338d325f63431004f0fdf9e21a570536c1ac95ccd3f8a33c065d29d35d524ef6e2e5878d3986109e681480c03c2311b2447611003850d381bae4707667

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Gui.dll

Filesize
6.2MB

MD5
34893cb3d9a2250f0edecd68aedb72c7

SHA1
37161412df2c1313a54749fe6f33e4dbf41d128a

SHA256
ca8334b2e63bc01f0749afeb9e87943c29882131efe58608ea25732961b2df34

SHA512
484e32832d69ec1799bd1bcc694418801c443c732ed59ecd76b3f67abf0b1c97d64ae123728dfa99013df846ba45be310502ef6f8da42155da2e89f2a1e8cb2c

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Network.dll

Filesize
1.3MB

MD5
03bce6428b28109712aee67d612ca930

SHA1
f1cd0d5376b0a3553a36a3a899b9c3bfa390f6b0

SHA256
9477313d8b6291de7f2e7cc1829c50cf4c1de5a1c9f434a292c748a2b79c3567

SHA512
b103850b0f24f134b358689caddc12f741ed2bc18eae9c4cefcee5b1efba4f43b424c65cb8ed5ccaf3de833abcfd5a54806c7d402884a584c1a7ec1c16cf5ced

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5PrintSupport.dll

Filesize
316KB

MD5
d0634933db2745397a603d5976bee8e7

SHA1
ddec98433bcfec1d9e38557d803bc73e1ff883b6

SHA256
7d91d3d341dbba568e2d19382e9d58a42a0d78064c3ad7adfe3c7bb14742c2b1

SHA512
9271370cd22115f68bd62572640525e086a05d75f5bc768f06e20b90b48a182f29a658a07099c7bc1e99bf0ffcf1229709524e2af6745d6fed7b41c1addd09f1

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Qt5Widgets.dll

Filesize
5.3MB

MD5
c502bb8a4a7dc3724ab09292cd3c70d6

SHA1
ff44fddeec2d335ec0eaa861714b561f899675fd

SHA256
4266918226c680789d49cf2407a7fec012b0ed872adafb84c7719e645f9b2e6d

SHA512
73bef89503ce032fba278876b7dab9eac275632df7a72c77093d433c932272da997e8fbeb431a09d84baac7b2ab2e55222ff687893311949a5603e738bfa6617

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe

Filesize
8.5MB

MD5
d96919680103fc15a941c14f42fef59f

SHA1
c8eb42ddb5ca60fefd4ce7884560f9d150cefcb7

SHA256
b9b50790c130e782fa572f832b3cec5ab77da914577a1bd5d209fed2acb516fa

SHA512
bf9a00d0888509fa14ba747440ea4fc1b1788082ca7446355c34853064006bc537c53973b9edcf785c3db0a4129ed2361f50a628390ed2f4e8f7417acfb8bb98

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dll

Filesize
557KB

MD5
7db24201efea565d930b7ec3306f4308

SHA1
880c8034b1655597d0eebe056719a6f79b60e03c

SHA256
72fe4598f0b75d31ce2dc621e8ef161338c6450bb017cd06895745690603729e

SHA512
bac5729a3eb53e9bc7b680671d028cabef5ea102dfaa48a7c453b67f8ecb358db9f8fb16b3b1d9ea5a2dff34f459f6ac87f3a563c736d81d31048766198ff11e

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dll

Filesize
96KB

MD5
f12681a472b9dd04a812e16096514974

SHA1
6fd102eb3e0b0e6eef08118d71f28702d1a9067c

SHA256
d66c3b47091ceb3f8d3cc165a43d285ae919211a0c0fcb74491ee574d8d464f8

SHA512
7d3accbf84de73fb0c5c0de812a9ed600d39cd7ed0f99527ca86a57ce63f48765a370e913e3a46ffc2ccd48ee07d823dafdd157710eef9e7cc1eb7505dc323a2

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dll

Filesize
37KB

MD5
75e78e4bf561031d39f86143753400ff

SHA1
324c2a99e39f8992459495182677e91656a05206

SHA256
1758085a61527b427c4380f0c976d29a8bee889f2ac480c356a3f166433bf70e

SHA512
ce4daf46bce44a89d21308c63e2de8b757a23be2630360209c4a25eb13f1f66a04fbb0a124761a33bbf34496f2f2a02b8df159b4b62f1b6241e1dbfb0e5d9756

Download Submit
memory/2648-44-0x000007FEF61E0000-0x000007FEF672E000-memory.dmp

Filesize
5.3MB

Download
memory/2648-51-0x000000013FB70000-0x00000001403F4000-memory.dmp

Filesize
8.5MB

Download
memory/2648-53-0x000000013FB70000-0x00000001403F4000-memory.dmp

Filesize
8.5MB

Download
memory/2648-54-0x000000013FB70000-0x00000001403F4000-memory.dmp

Filesize
8.5MB

Download