cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c

Analysis

max time kernel
133s
max time network
133s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
02/05/2024, 03:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe
Size

57KB
MD5

ca4a55809ed7cb45686523906a3ed394
SHA1

2e5a509f4dedfbd42b165bccfb75f1074c8b606b
SHA256

cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c
SHA512

da2dc6668a70cfe232a859e70429986d76c852e3f9e229e7d942e9086294edc89c55829e509f69dd51713747a9f8e6128a90b4c7d791978deca49cb6d7d6dff0
SSDEEP

768:IGnekOEPJjjGdjzAjluDhvRQUB4LSeKn+lTFPG8BY96V6G:FnnxJUsjAFvRQUB4mV8T0FgVN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2864	codecupdater.exe

Loads dropped DLL 1 IoCs

pid	Process
2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28
PID 2364 wrote to memory of 2864	2364	cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe	28

C:\Users\Admin\AppData\Local\Temp\cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe
"C:\Users\Admin\AppData\Local\Temp\cc48f5eb6c2a48884d675643d5f4ffea5a1d514189f4d383b4dd018dcb2b798c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2364
- C:\Users\Admin\AppData\Local\Temp\codecupdater.exe
  "C:\Users\Admin\AppData\Local\Temp\codecupdater.exe"
  2⤵
  - Executes dropped EXE
  PID:2864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VIF0OH2A\pdf[1].htm

Filesize
167B

MD5
0104c301c5e02bd6148b8703d19b3a73

SHA1
7436e0b4b1f8c222c38069890b75fa2baf9ca620

SHA256
446a6087825fa73eadb045e5a2e9e2adf7df241b571228187728191d961dda1f

SHA512
84427b656a6234a651a6d8285c103645b861a18a6c5af4abb5cb4f3beb5a4f0df4a74603a0896c7608790fbb886dc40508e92d5709f44dca05dd46c8316d15bf

Download Submit
\Users\Admin\AppData\Local\Temp\codecupdater.exe

Filesize
57KB

MD5
1399b86a7fde69ede1381b64e7aeb3e2

SHA1
41ce458a4649cf9e91ac5d40fc311aaabc74fbb3

SHA256
1fdd2fde6f2ea10c8ee4ee2535b4973d97b742e11a1afba9fb2746eb0e5faad5

SHA512
305ee8e24f2037b5a00741fe0fc8e562fb86d0dd23404248e37f427d3824aa052a7b2ddc6207d13939ba0926209cfe8ba3b68778409d82584fdd36568e83b218

Download Submit
memory/2364-0-0x0000000000401000-0x0000000000402000-memory.dmp

Filesize
4KB

Download
memory/2864-8-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download