Analysis
- max time kernel: 119s
- max time network: 126s
- platform: windows7_x64
- resource: win7-20240221-en
- resource tags: arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
- submitted: 21-04-2024 06:01
Static task: static1
Behavioral task: behavioral1
  Sample: @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
  Resource: win7-20240221-en
Behavioral task: behavioral2
  Sample: @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
  Resource: win10v2004-20240412-en
Behavioral task: behavioral3
  Sample: @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
  Resource: win11-20240412-en
General
- Target: @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
- Size: 3.5MB
- MD5: f3926079722ea980ed43703b7e56c578
- SHA1: c91f413aaed6a2c97cef6ceea4b821faabe35994
- SHA256: 19cf5c9f250d27c1ff53f81a0ebad37428ca71a2647e358c8b3f2bfda102a8ef
- SHA512: 9157bab3d721fbe835250a2b864f7a8ea2a3b4e9e21bc527ca08589bd90446e887fc6797554157419a2efa2466ee30e6171746ee0e71ccfa224395ea33fa7828
- SSDEEP: 98304:ZYnY0iuf1ZByTLpwiaOZu2u3YP21sr7wx4oDIouiIOiUq:ZYnLI1witJu3A5wCoehH3
Malware Config
Signatures
- Executes dropped EXE (1 IoCs)
  Processes:
    pid 764   Setup.exe
- Loads dropped DLL (2 IoCs)
  Processes:
    pid 2300  @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
    pid 764   Setup.exe
- Enumerates physical storage devices (1 TTPs)
  Attempts to interact with connected storage/optical drive(s).
- Suspicious use of WriteProcessMemory (3 IoCs)
  Processes:
    description                        pid   process                                  target process
    PID 2300 wrote to memory of 764    2300  @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe    Setup.exe
    PID 2300 wrote to memory of 764    2300  @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe    Setup.exe
    PID 2300 wrote to memory of 764    2300  @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe    Setup.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe"
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID: 2300
  - C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe (child of PID 2300)
    Command line: "C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe"
    - Executes dropped EXE
    - Loads dropped DLL
    PID: 764
Network
MITRE ATT&CK Enterprise v15
Downloads
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\python310.dll
  Filesize: 4.3MB
  MD5: fc90f16df2e942d04add02e705ba9bcc
  SHA1: a64997c424e6d28a2e47c347c7ae9a37073b727d
  SHA256: 5aa78fb7130326cc0a37cbc04854df22f890f7692e27747dbc88cf81f62ea157
  SHA512: 6d058416def68a7e642e679e5d42348d47b3e9c6ccbff84827b8c1bb0e076525e4b3c24b7577455ed1d83a8f3a6602ee248afd35f8463396043ac6cd183a82e6
- \Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe
  Filesize: 94KB
  MD5: 9a4cc0d8e7007f7ef20ca585324e0739
  SHA1: f3e5a2e477cac4bab85940a2158eed78f2d74441
  SHA256: 040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92
  SHA512: 54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3