19cf5c9f250d27c1ff53f81a0ebad37428ca71a2647e358c8b3f2bfda102a8ef

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
21-04-2024 06:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
Size

3.5MB
MD5

f3926079722ea980ed43703b7e56c578
SHA1

c91f413aaed6a2c97cef6ceea4b821faabe35994
SHA256

19cf5c9f250d27c1ff53f81a0ebad37428ca71a2647e358c8b3f2bfda102a8ef
SHA512

9157bab3d721fbe835250a2b864f7a8ea2a3b4e9e21bc527ca08589bd90446e887fc6797554157419a2efa2466ee30e6171746ee0e71ccfa224395ea33fa7828
SSDEEP

98304:ZYnY0iuf1ZByTLpwiaOZu2u3YP21sr7wx4oDIouiIOiUq:ZYnLI1witJu3A5wCoehH3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

Setup.exe

pid process

764 Setup.exe
Loads dropped DLL 2 IoCs

Processes:

@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exeSetup.exe

pid process

2300 @#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
764 Setup.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
764	Setup.exe

pid	process
2300	@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
764	Setup.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe

description	pid	process	target process
PID 2300 wrote to memory of 764	2300	@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe	Setup.exe
PID 2300 wrote to memory of 764	2300	@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe	Setup.exe
PID 2300 wrote to memory of 764	2300	@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe	Setup.exe

C:\Users\Admin\AppData\Local\Temp\@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe
"C:\Users\Admin\AppData\Local\Temp\@#!!New_SoftWare_2024_ṔḁṨṨCṏḌḙ#$.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2300

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:764

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\python310.dll
Filesize
4.3MB

MD5
fc90f16df2e942d04add02e705ba9bcc

SHA1
a64997c424e6d28a2e47c347c7ae9a37073b727d

SHA256
5aa78fb7130326cc0a37cbc04854df22f890f7692e27747dbc88cf81f62ea157

SHA512
6d058416def68a7e642e679e5d42348d47b3e9c6ccbff84827b8c1bb0e076525e4b3c24b7577455ed1d83a8f3a6602ee248afd35f8463396043ac6cd183a82e6

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Setup.exe
Filesize
94KB

MD5
9a4cc0d8e7007f7ef20ca585324e0739

SHA1
f3e5a2e477cac4bab85940a2158eed78f2d74441

SHA256
040d121a3179f49cd3f33f4bc998bc8f78b7f560bfd93f279224d69e76a06e92

SHA512
54636a48141804112f5b4f2fc70cb7c959a041e5743aeedb5184091b51daa1d1a03f0016e8299c0d56d924c6c8ae585e4fc864021081ffdf1e6f3eab11dd43b3

Download Submit