373254770b5c06e66a598ab32208d9b26d3d5c2c04181145226060d6f3fb961e

Resubmissions

24-04-2024 07:22

240424-h7nsyafg21 7

24-04-2024 07:18

240424-h5ahjafg2s 7

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
24-04-2024 07:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Clangen.sfx.exe
Size

77.4MB
MD5

058e987a05ac63bdecf68b886d14ec78
SHA1

aadb53f27280cd0ba5da89da3c8ac2c83c8e6562
SHA256

373254770b5c06e66a598ab32208d9b26d3d5c2c04181145226060d6f3fb961e
SHA512

2fad72c96e29b3f34998bbdcfe3304ea71e2dca74cf00a0cbef22db662bafad993dfb032958473bdac8799a297521ad93014426b9f6dfde49b20cd0f7e85022a
SSDEEP

1572864:IMdNbn9kuHTQNehtquAeLoGcp2dFIuCdeEuJkVbK:IWb9l0tu3jd2VykVbK

Score

7^/10

pyinstaller

Malware Config

Signatures

Executes dropped EXE 2 IoCs

Processes:

Clangen.exe

pid process

2556 Clangen.exe
1200
Loads dropped DLL 3 IoCs

Processes:

Clangen.sfx.exeClangen.exe

pid process

384 Clangen.sfx.exe
2556 Clangen.exe
1200

pid	process
2556	Clangen.exe
1200

pid	process
384	Clangen.sfx.exe
2556	Clangen.exe
1200

Detects Pyinstaller 1 IoCs

pyinstaller

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\RarSFX0\Clangen.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

Clangen.sfx.exe

description	pid	process	target process
PID 384 wrote to memory of 2556	384	Clangen.sfx.exe	Clangen.exe
PID 384 wrote to memory of 2556	384	Clangen.sfx.exe	Clangen.exe
PID 384 wrote to memory of 2556	384	Clangen.sfx.exe	Clangen.exe

C:\Users\Admin\AppData\Local\Temp\Clangen.sfx.exe
"C:\Users\Admin\AppData\Local\Temp\Clangen.sfx.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:384

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Clangen.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Clangen.exe"
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2556

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\python311.dll
Filesize
5.5MB

MD5
d06da79bfd21bb355dc3e20e17d3776c

SHA1
610712e77f80d2507ffe85129bfeb1ff72fa38bf

SHA256
2835e0f24fb13ef019608b13817f3acf8735fbc5f786d00501c4a151226bdff1

SHA512
e4dd839c18c95b847b813ffd0ca81823048d9b427e5dcf05f4fbe0d77b8f7c8a4bd1c67c106402cd1975bc20a8ec1406a38ad4764ab466ef03cb7eb1f431c38a

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\death\beach\mediator.json
Filesize
6B

MD5
81c4b355911c21cac4599b0908838c4b

SHA1
dc9f0133b9773cf81564cfab510bfc53584d2e4f

SHA256
b423bb45501e0fa49d3b77e635f800a29f1fdcf5a58e00c7e04a7ff7833045f2

SHA512
fd7631c3f8ca04ab8baff3e43fb7d054e5c159ca841bf2cc2efbbc47732672313d0fb7ebf82f48b4e12e3b6624f6fe7b5805afb20c57ccaa4ae835145c9e4714

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\death\death_reactions\child\child_platonic.json
Filesize
4KB

MD5
1ab496f39c77d5c82f44b9c4c27a0b35

SHA1
e8890a824e734d5ecf8dc229f7ff805f95c95a24

SHA256
f18a43b516b7fcf6b3b82332a4425945209acfb39926f47e86db871dbf2f0e2a

SHA512
635fe88b80247b62a6bf39ca910fa9e2f774a97b46ded5b555c8cde5bde31827c978280724ccfb79f4450b6569ada906b5da775ac2a83b1603ed7acbddb3f01b

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\death\death_reactions\mate\mate_trust.json
Filesize
2KB

MD5
357071bfbb534ebb4e6385bda142c63d

SHA1
91da147be235f3edbd14952ace3473bee12347ca

SHA256
9b3dc0d558b93232a0b97c504eeb24ac22f32f54f05d94bcd493e43597f1933b

SHA512
f63e12730353b4867292ec63463a248173c0eded08ec608dd94ea8a7a303d84cb172792ac1ec7ca7f937df5ff7c696bc63af9ac19ee814319d38b4d91161f322

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\death\death_reactions\sibling\sibling_platonic.json
Filesize
4KB

MD5
1079fd215e8eb217237e1d1e08e177bc

SHA1
8911507fceca254b61d26e87f12a66273c7f6caf

SHA256
2ec81679cee5287a6c1fe01457b58e30a73c3ba2233fc672b812896bd2932073

SHA512
51f9fd49000e087059f1cdf5c772d839fc8e4775042b3a5c4a667d563ccbbc5d77ba9b81e1fa9cd8aa4c589cc59d4c416886684ebfaeac4b5057f6af03cf1210

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\freshkill_pile\beach\elder.json
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\injury\plains\elder.json
Filesize
561B

MD5
4cf2c77411d8d9116120e5ac71c0ebd2

SHA1
91a047a0ffe98d757c615e9419f5218f325af785

SHA256
de8a1717a7c6ec17590147501ad78a769f2cf7efac623007d47eb4d797469d78

SHA512
ac31d764f614cca81d39207698c16eb39032e196235311b4643f8fc59976a98bd37cd679dcf07f99629e7a194108cb2b4445e1adf8d6be0b9d2a498fc8824e00

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\events\injury\plains\warrior.json
Filesize
4B

MD5
fdaf133263369980df600fd06ce738ec

SHA1
a0b6262ba8cbcec6ff4deaf819c552474b6f8f2f

SHA256
5cada29124805d8e0454dc5b67225bbf87075cffd53418e9c56f674708220e2c

SHA512
890f0df02a824ef9c2cb3c7f9e63ce74846524d8a6c6ad0c6e17237fae087548fc40cde6c54dcd1e4b780c0f05930a6c0ef042b8036f076a0983bf5259fb6056

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\dicts\thoughts\dead\darkforest\exiled.json
Filesize
10B

MD5
504352a1f39e3227c9852aa329c558e3

SHA1
cd94171c87c02b0bccb4a0d3fcc4be8f50c883d0

SHA256
ea8d5685a7db9b0f447cf25900d8ea04a02a538d526737bca67511cba927f575

SHA512
e8fa616bfb4599d21ab5b070348b3b1090b082075401e51c80ace3e01d13030ff8d81caae6d89cba9fbf277a65a4020183d89c760d44846ce738bac5b91a060e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\images\loading_animate\timeskip\15.png
Filesize
1KB

MD5
bf538c82eaef294ce8808f8777f2767d

SHA1
452b9c19388e8f803baf43f6e73c7d86287dec96

SHA256
5156f5c9c7c3df757655024cd85a5db96f4e12dd48bfbfffa43cdb7e7f17507b

SHA512
5e7cfb997358e95433d44b9cf6ae4c9146fb0f278c567e810705409e981a213997d47e830203dcefdc5575811a725b0184d64a92de7110ba7e6f857cb814eb5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\resources\images\patrol_art\mtn_hunt_newleafsnowstorm.png
Filesize
10KB

MD5
a15fa47b130296fa48c0048f3f1a9c90

SHA1
688a1320993a1d5b2374190c17f2aa29d09f9f75

SHA256
43b641c073810c2d82f5de8ab17e622ce1672fe5d5261d1bdb8afa9c081d7f06

SHA512
44acf70ffb7ea9661eb9df4b073dd5594b8fcd1609305e274677219df226f426cbf539d52a297ad30f5eaf7f12406e2667d6518203902f90e0b44ad7355cc4d0

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Clangen.exe
Filesize
5.1MB

MD5
30712264600cb5dbac0cf9436afb8057

SHA1
87d07b89f5f94a705f4c8c3017887fe204c8582e

SHA256
4cca30c7f69113632bcbc829ffab14614599624752d021bc00d232bcea54c596

SHA512
fcf890b818c5461b0cb244ac7436b98411617316de025cc5c8ed5857dc9c4e7477701ac09c47e4b3c77bb6b5a17e3a21d43ded982a21172648bc6b8bcfd6fd8c

Download Submit