70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c

Analysis

max time kernel
122s
max time network
123s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
01-05-2024 23:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe
Size

2.3MB
MD5

3268088a49c825b6ea88431b2677b7f7
SHA1

2b8f5c399bb3af762ba91daef72a9580aac9bc3f
SHA256

70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c
SHA512

0b22d1cdac1de2a02e51198bccb897d6ee49dd456816be65be2065ca6de4aa3fb5034653b180fe31eef66f2410c4213b1d7495398c2feb07e838dfb5dd225121
SSDEEP

49152:yVz7tXklo1OkA9+LCy3i42450EzZ8MNT/plcYjICNEn09+KccT+SMv3bf:yVzmlcOkraUOMRBmY+8Q0MvLf

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

pid	Process
2880	regsvr32.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28
PID 2072 wrote to memory of 2880	2072	70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe	28

C:\Users\Admin\AppData\Local\Temp\70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe
"C:\Users\Admin\AppData\Local\Temp\70827833f75f0715047036d89f8ecd5838af4fa65ef1cc8f22d4f1550f7a9e7c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" -s F2Zd2.LL
  2⤵
  - Loads dropped DLL
  PID:2880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\F2Zd2.LL

Filesize
2.0MB

MD5
28d7c06a1e3ff250510ec267bf4c2e1f

SHA1
49988f6f387b0d38c50dcb0d2385a3bec2fcc1b4

SHA256
1786437508b53d794053a4d5837062f1eb57c32b2df6f1bf8caed480c7bd3102

SHA512
e7636bdffd03c0afa4ac3bfa6b2dbea4db27102ace63465c9ccf18cf763b5e4152db0df67935493b2952d52deb294dfcff582dcd8d9cc52a37bb983b5e223078

Download Submit
memory/2880-4-0x0000000010000000-0x0000000010208000-memory.dmp

Filesize
2.0MB

Download
memory/2880-9-0x0000000000A10000-0x0000000000B38000-memory.dmp

Filesize
1.2MB

Download
memory/2880-10-0x0000000002760000-0x000000000286C000-memory.dmp

Filesize
1.0MB

Download
memory/2880-13-0x0000000002760000-0x000000000286C000-memory.dmp

Filesize
1.0MB

Download
memory/2880-14-0x0000000010000000-0x0000000010208000-memory.dmp

Filesize
2.0MB

Download
memory/2880-15-0x0000000002760000-0x000000000286C000-memory.dmp

Filesize
1.0MB

Download
memory/2880-16-0x0000000002870000-0x0000000002F85000-memory.dmp

Filesize
7.1MB

Download
memory/2880-17-0x0000000002F90000-0x000000000308E000-memory.dmp

Filesize
1016KB

Download
memory/2880-18-0x0000000003090000-0x000000000319A000-memory.dmp

Filesize
1.0MB

Download
memory/2880-19-0x0000000003090000-0x000000000319A000-memory.dmp

Filesize
1.0MB

Download
memory/2880-21-0x0000000003090000-0x000000000319A000-memory.dmp

Filesize
1.0MB

Download
memory/2880-22-0x00000000000F0000-0x00000000000F2000-memory.dmp

Filesize
8KB

Download
memory/2880-23-0x0000000031410000-0x0000000031414000-memory.dmp

Filesize
16KB

Download