dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c

Analysis

max time kernel
148s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
29/04/2024, 03:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe
Size

396KB
MD5

013015f2b22ae32c128959f2a6c28abd
SHA1

48e4cf4e69faa18b3fbb2121092d1ce2ba9eda35
SHA256

dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c
SHA512

23af967f459294b53808b854dea2d01c88ffab7bb51443e764f3d01b1a338d46a8bc247ef115c6217ae39306c352a48f8425766da31f17f0c23fac0035767856
SSDEEP

12288:4jauDReWm3nmNjhXqkSEEEEEEEEEEEEEEEEEEEEEEK:4DDYIXp

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1200	vvagnu.exe

Loads dropped DLL 2 IoCs

pid	Process
2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe
2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2297530677-1229052932-2803917579-1000\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\vvagnu.exe"	vvagnu.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2008 wrote to memory of 1200	2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe	28
PID 2008 wrote to memory of 1200	2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe	28
PID 2008 wrote to memory of 1200	2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe	28
PID 2008 wrote to memory of 1200	2008	dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe	28

C:\Users\Admin\AppData\Local\Temp\dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe
"C:\Users\Admin\AppData\Local\Temp\dec53240475e09ea7101de0514420baa67d1474854c808913cc14aa91ca1841c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2008
- C:\ProgramData\vvagnu.exe
  "C:\ProgramData\vvagnu.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:1200

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\MSOCache .exe

Filesize
396KB

MD5
887dd23fe4fbdb3f89053d56066fa96c

SHA1
57ee5f6bfde072b075fa8b764f4b7e2f4a9f7d78

SHA256
b7995e6fdad5159e7a872f84b32438528fb4b18127c9eb7aef67bb5908a1935c

SHA512
3bb688f8d64d36fb0e8f03596fc57f1ec7ab4420bad0d4c2afc95a1906b286afd38631803419eec62e8a6a10f823bcbef98a352fc5f5e826e65be60c05b10157

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
\ProgramData\vvagnu.exe

Filesize
259KB

MD5
a17cbe5db8323172a16b3888197430f5

SHA1
5ca258b784aa6d0b4e2a2dcf7ea70a94b23aa04d

SHA256
cbedf815ea4875850ef12d3fc0a3c2882e29658372cebac9fd911c5f158a3b03

SHA512
5e136e474ae67ea66ca171eb1b9c6688bf784bf1d858d06ed3f4fb8fb4e845ecb632f77adc1c98f06463846ab73dd5a88269524cf9e5b103a7f65cdfe9d5cc68

Download Submit
memory/1200-135-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2008-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2008-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2008-14-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads