354025b7c5bc644adf7df822eaee78dbbb2f0c68dc3088f5e2c0adaebec8e9e2

Analysis

max time kernel
140s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/04/2024, 19:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80f5a5027407dec5e8a6b90e0c93f118.exe
Size

1.3MB
MD5

80f5a5027407dec5e8a6b90e0c93f118
SHA1

5d6caa61b2800557bcdfcab147d9a1fedb866b52
SHA256

354025b7c5bc644adf7df822eaee78dbbb2f0c68dc3088f5e2c0adaebec8e9e2
SHA512

62356a6813f2e0a90de1b3e94e697aaed565ea937e175440d6e7a09295a3dd555edde3622ab2dedfdf594a26095c6ffad53bc08cf8fadbbb5a0a8397008352bc
SSDEEP

24576:dg3Hg8/qYZ5Lw1ExKCUXhN0l4uSSs3ybEnrYwfqV1x1GWYRWPpHUiVjYil2:dg3Hge5ZVw1E8CiWlxSSs37CfJYRWPpa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3652	HouseholdCalculatorTrial.exe

Loads dropped DLL 4 IoCs

pid	Process
3652	HouseholdCalculatorTrial.exe
3652	HouseholdCalculatorTrial.exe
3652	HouseholdCalculatorTrial.exe
3652	HouseholdCalculatorTrial.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 3652	5116	80f5a5027407dec5e8a6b90e0c93f118.exe	85
PID 5116 wrote to memory of 3652	5116	80f5a5027407dec5e8a6b90e0c93f118.exe	85
PID 5116 wrote to memory of 3652	5116	80f5a5027407dec5e8a6b90e0c93f118.exe	85

C:\Users\Admin\AppData\Local\Temp\80f5a5027407dec5e8a6b90e0c93f118.exe
"C:\Users\Admin\AppData\Local\Temp\80f5a5027407dec5e8a6b90e0c93f118.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Users\Admin\AppData\Local\Temp\mia3F4B.tmp\HouseholdCalculatorTrial.exe
  .\HouseholdCalculatorTrial.exe /m="C:\Users\Admin\AppData\Local\Temp\80F5A5~1.EXE" /k=""
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3652

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mia1\licensecheck.dfm.miaf

Filesize
128B

MD5
26d8eb4cc3defa59f4e8fd1713ea2ab0

SHA1
3d39a67ab169ca9f6ee0a9e2073142b5b75dd1e8

SHA256
d5de1f79d4aea2327a85379fb51ac3157907809043aa1e4aa34878e3e9787442

SHA512
5e3d9b5d65896a5c836babdd892a306863342563fb2d41c56fb342a7e165f0319eca6d24ce2825011ef0b109c304c7c4cb0dc4d0a493bc4281e32ce8970a1acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia1\mDotNetExec.dll

Filesize
397KB

MD5
3905d09c98dcb9668fc106b67c88fa60

SHA1
61d7c4b7564b49e1f4d9cd4f20a5f625aad1df13

SHA256
dbb46f0b80f2937b1850d8fddf0c1fc840fe2caa5dbb6b15e82a82c9bc669311

SHA512
2913ad67b973829abbf0c84b389dfcdd742d4c47c165c12f4b54d27325e1b1e23e3a5389180d889150e3c3a70fb20f0568c8a5c71e7f339a77cded5c266767a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia1\mWinRunExec.dll

Filesize
397KB

MD5
fdca6bd0013cbb1796920c68a574a56d

SHA1
087654a788096ed4b9e0eb8220d18c443d97f07c

SHA256
b845e304db5655ae2439bc7cccaff789c4afd39486697e36dc50eb365e83ecc2

SHA512
464e2c5406dcf0f663012cc23e1d7d4df7ef2d060d1a1d700a4da1c0f211514b3025aebc94e956aba7e6e36a09dbd04082630d89b80d4465d372564c4d881d7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia3F4B.tmp\HouseholdCalculatorTrial.exe

Filesize
2.2MB

MD5
99318799c8ccd15a91e7dd9cac02029d

SHA1
620f7e9750daf467a5512d970c7ebdf195fb97b2

SHA256
dfd125a3dd1cf7011b604e4fabc38c46581ec44b64c5d7739d2e82422e4a2be3

SHA512
d167c434c03af3bec211980ea46bf4a1b6636900104ba2c8d0419fbc4351ef3c0b1efa0405bca3f6829e2f340ce58b0e9a4d82e0ff1d89cd13c08d8dc74f6424

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia3F4B.tmp\HouseholdCalculatorTrial.msi

Filesize
258KB

MD5
2c28da9b9419bf65b57b736c3c00dec8

SHA1
eb887e2cabc4db499c9884ec54cac3f15674b95e

SHA256
85207c3188215e9b916e6b23d13d02142ed5ed65a3fe2894ce4976eb3ad1b1a3

SHA512
79652898e4033b01810a0d0018e30f4a40e890baa8ef932ad483f41f8ec712fad7fb7b365f3c3a8d382dbe39cc7d481c4e97f2ddaef2cb92dcf50e7d9002e4f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia3F4B.tmp\HouseholdCalculatorTrial.res

Filesize
2.2MB

MD5
c92a9e69d60814f6342b38ea429e0e91

SHA1
b7c9f7366b6455c9b58f2d4724f0819ed9943c7e

SHA256
ed02cd1ac12075f685ba6aa2e18e656434bbc1681e64d266b40da14be2e833c3

SHA512
f5887abefa320cd7ba7722c85cacf6fc5edabf38a04f07d8cb4724d2f856c5039b9c4f0c33d14c86547d1eb54a5a201845b29b7ac9870859994eb158a0a66753

Download Submit
C:\Users\Admin\AppData\Local\Temp\mia3F4B.tmp\mia.lib

Filesize
565KB

MD5
e6c930ab2d929ce6ac088799b57ae430

SHA1
8d1628b4f816dc93b8f843e7a28d760ad0edccc6

SHA256
d3125717c7f99cee05045995d10f2986f9a2608ffdedfb29b34b472f3f36f952

SHA512
a3d082674d9a4314bdae8e9ac429bd22030bc7ff69c695afd53ba9a785c7a5ff44fd7599278bb0422378b0aae3102d652f2cc03574285729196078f2717bae4f

Download Submit
memory/3652-13-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3652-103-0x0000000002D80000-0x0000000002DED000-memory.dmp

Filesize
436KB

Download
memory/3652-106-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download
memory/3652-110-0x0000000002D40000-0x0000000002D41000-memory.dmp

Filesize
4KB

Download
memory/3652-111-0x0000000000400000-0x0000000000655000-memory.dmp

Filesize
2.3MB

Download
memory/3652-113-0x0000000002440000-0x0000000002441000-memory.dmp

Filesize
4KB

Download
memory/3652-114-0x0000000002D00000-0x0000000002D01000-memory.dmp

Filesize
4KB

Download