8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f

Analysis

max time kernel
119s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
05-05-2024 08:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
Size

8.4MB
MD5

aa86e014b2ad328daac5513e5e2623fd
SHA1

b57a1f0ea51c48c156b1cd59eb899e4db3efe32a
SHA256

8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f
SHA512

fc9f37a1c09ee3c267611a14189549c3dda38e39c45450a6098f239e328e287db1a1c9652219477043fc258a0e2ac256f23d01dd596f435811c5334267edaf00
SSDEEP

196608:EqN0XWwylcJUP8rwvfrtIpErZ/dq7JbzroYmgdhafb+GJPpixwPucv3buM:E2s1q0rwvxIpErZ+wLjfFocfH

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2608	FirmwareOneKeyUpdate.exe

Loads dropped DLL 32 IoCs

pid	Process
2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe
2608	FirmwareOneKeyUpdate.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28
PID 2696 wrote to memory of 2608	2696	8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe	28

C:\Users\Admin\AppData\Local\Temp\8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe
"C:\Users\Admin\AppData\Local\Temp\8038841f700f74da89d828951022bc4c2d5bc744b9db37cd764ddc9846ce5a6f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Users\Admin\AppData\Local\Temp\RarSFX0\FirmwareOneKeyUpdate.exe
  "C:\Users\Admin\AppData\Local\Temp\RarSFX0\FirmwareOneKeyUpdate.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2608

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\RarSFX0\ASUSConverter.dll

Filesize
906KB

MD5
5633149e12605d1daa1d31f1119707e4

SHA1
9fb0392e257a9df990c69f96dc094ff120de65c3

SHA256
a8ebf83a0bae7309ebefef18523bcf078c38ff4bbfbf08bd13c7a0a2388a5607

SHA512
77555914e126edb6fe1b7b077a520c24038a4bf3398ac0094bf84026b38b1fa81c361806ccf345d38e0d13489b3c1c8d076994cc260e29cf4c7ec44e9f9efef5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\Comm.dll

Filesize
2.1MB

MD5
b6f4206da8249609ae5c5ff15139bd99

SHA1
da56be55bc2e9de505ea070018c4f8d04a6bc845

SHA256
2dfaca5620efcc9cc6e13f0a4767d02a08da23f8bc11add8c8df88865c4db0fc

SHA512
5a049e56de133d94a099f2c1cea3695135e5ca6245ededf005d53bb8acb2dd77215862c1644d02799e39b95405ebdab505432ad10b7a91275fd55f817ecc3dc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\Comm\Comm_TypeCI2C.dll

Filesize
2.0MB

MD5
3f3c95cc596ddb994ce42a58aff80164

SHA1
75f0bbaad58c3e84b2efe6d09d2c97e4faab5f72

SHA256
97e11733996f4e7cd23ee1bd8afb0362d16e306b22d463928ced3b393e71d4e3

SHA512
e2dced316c96898b929f2b6627f00f67021c4006158af9dc86f94c64bdb1b1ba5daf24301929f8fc6001890cdea7ab822b5ef390123043145027cdfa838a85c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\Comm\Comm_UsbHubI2C.dll

Filesize
2.0MB

MD5
dd0fb0b0e9da2ad272c7f94d88641af6

SHA1
55b79487ff68d68b3ed0a3d74425d0240267091b

SHA256
9b688bed1391d742713ad680a40e3347107cb25b5a16c3bbdc567ef8564ffcda

SHA512
719d704c92d96de8511a8381b875b30860affdc747527d74c2bc48a1bccc5618c53f912b210a93d29a8989e305212615873699762083ad1c682695a2a2d077bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\IspLog.txt

Filesize
402KB

MD5
92f9ce4e8888928aedf4581a6c1b7587

SHA1
ecdb2ab70f082218e650958f8ff0adc67ef3ac2b

SHA256
54486bab27d505352ced8d8339926c204ccbabd36005beca6da71e84f3b26728

SHA512
91a209e6b8a872f0dec6afb208bba68fe20ea01f013ef249432cf53f7a9fbb976873348b789b523c6259f6e88427676f460525e8c336ce742393b1a574ee6d8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\IspLog.txt

Filesize
402KB

MD5
c268034bed4a65f827b8f3ad8c505664

SHA1
d8ce87b2e55ff0841fde7a92ef0a4c7d9e2425c6

SHA256
20367f79991d25641bad6186cc26e78461910531bf77dd0dd212848fbe527f89

SHA512
8221651e9d9b1d7a5ecabfb7412c36415a103820d53deb500d522c996ca2e1a864be22980e1ed4fce836052d0c30a56b1e93c85254aa1f9b639c918d40d23bd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\IspResult.txt

Filesize
17B

MD5
a8d2c0f8c156c94d48bd464e9f1dfe78

SHA1
b3fc292e30c84f387b440ee2ed0149f9d78b7390

SHA256
a2e56f1fd732c459c9fbade549dfa34fff02f3475456f40c97d8685d20476a11

SHA512
251fd652920b15f86659d0e1e9543207017841baf61ce2dbe8f8b3962591b05074b3782dfcd15983562b5d3aac74243ea83c6fa08815ea8307761dc20e80e885

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\IspSetting.ini

Filesize
725B

MD5
db141d6ed524c394a38dbcb40c66803c

SHA1
9435f001ab42a372d6d0d461d7e090ba7fef6c88

SHA256
df1cbc6b7e4fb48a32ce74b694c2dc5b7c5e65295b1813b01de383b0a992879a

SHA512
4605e23307c2e5c57db9004489e1ba4958b755bf5762c2937b59c6af093e8239da42d5e6008446aff1a457325aa08fd9143b64ee0109743fe5cbeef8d1c5fea6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\IspUserDefined.txt

Filesize
158B

MD5
c88c92e2864bde00045c7d88e940801a

SHA1
0d49b2f80b0d672a8ad0fe666d08eeb9f5b364b5

SHA256
f5b8e6ae86714a959549076f419008fe5787fc309ac8d056872b3a29c82d1544

SHA512
b1afc1fe3962c26de829239f183550cce5707c94bafdae1c5f38799f0fbc9848c13550ac5330d2da983a82e48dc32e6d5ceecc9b8b93f14ce54705aa74ca1e97

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\PlugIn\WinIspPlugIn.dll

Filesize
2.5MB

MD5
96d3e558d5732115cc3c20a80bb9e6fe

SHA1
97b68836d7a111fd30a524fad5a6b81c56ed5a43

SHA256
b054fe8894ec154c29bec5bf971aa19c63f678eaa7bd3b86971e9fd2b4bcda58

SHA512
cb39427e4a0eb778849f0c2bcf5e3bebf9e649e432bf90af622eec77c6404f82c6983704d6b3786f4f9614b08b99e387d894ef4b9e2208c87144ae5587c2f4ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\WinOperateCScaler.dll

Filesize
2.3MB

MD5
a9a63635f4e46b45eda1ecc43229bd19

SHA1
2967b73a1353a2dc484d3a1441b3c3cdc3f0198c

SHA256
07039a5ee7c219907cc288a1a96ccc1087dd890e07ebc5b45a4eafa5304bf6bb

SHA512
0e7a66bd80622294507c003253c03491735486d58ab5c2de7fd5217c6a64cdc86dfbfe88caaa84fe05aac732a1352549a206809f0aba8b611a78f3022d67af08

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\RealtekDock.txt

Filesize
49KB

MD5
a4a9ca1f832bfb1988c569727c55418e

SHA1
ad713eedff6127200f1c6a50761356e80705d369

SHA256
aa3a7d6a04d40791cd9fe21cfec912295f38e036b16c701420301be94341515c

SHA512
f2c146526aa81650ec08156ac2b6da58d06121d566800cf18fb3cab85cf4bc9fc676fd6f2c4eabb2e629eeb2e698edd49d02caf71e716ca2a3fab1afadb46648

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ScalerFirmwareInstaller.dll

Filesize
2.0MB

MD5
8f8406aad94fc093f9296ec3f7ecda01

SHA1
db6ebe6e74dde28d465062edc1aae4c93f1d081e

SHA256
fd3fa6962c8130449ead3175e22be70fb6be1f5bee53a0d03b5ee6bff96ea94a

SHA512
e4d513f4e11bfa483234b27d5488656d6e1c3bb45c68624b1678f3e9d9eb829f7bd85a4f058f681c2ddc5453e4db3740e701dab6784b8c813fc3fedfd3e7b973

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\SettingConfig.ini

Filesize
254B

MD5
9c1244eef5859cad13530d3a97e792a7

SHA1
4e420b801f66116d75dbc9ccb38c5bdc8814e214

SHA256
3a2ce3e69e6a18112e9335a5acf14dbbfff87d1032420827cbbeca90774bb2db

SHA512
99d66694f330f2641c1771c7b43aeea58906620a6cb13d2880d26201444b28f401c4b3e1fed314f9a873afa4e47e3be3957555bd170959b90a6edf61409c65c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\config.ini

Filesize
75B

MD5
13f4cdea42f3d112e2d8814259aa322d

SHA1
9a4a5a95db367390226696ca90a8f106e40e3ae6

SHA256
cc87bd731f6bd7a1cd1026d6b7a20939d9cc9581f398cfe7b78ea6e912a2b7e3

SHA512
a336362c6585159a85af9a9b21ec1245a88037291cda558e75847e46486737c3f20b9729d83b2577dfa6ad40622e0b7213fc121d62bd7f0095b84ad529fb110c

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\FirmwareOneKeyUpdate.exe

Filesize
73KB

MD5
f59694688b675f3e0d282fb904d1ae0c

SHA1
b2af3a734d1f82028baa30929a7db9b599c4d7a1

SHA256
5ade7bc7c5c312f78bdfac37f3fe732ea883fa9fecff8871365d0aee08c88648

SHA512
f55e98b047aecc631ccce8aa80c57838da31f5ca0403d24a1299b72f6b1a2a94e7077503a7cad3d82f01b8cfc4328f052678e0e0e8ba8afdd143a37ef3ddd388

Download Submit
\Users\Admin\AppData\Local\Temp\RarSFX0\Scaler\ISPTool\Comm\UsbHub\Rtshublib.dll

Filesize
516KB

MD5
e04a5e607e61039e5adaa5e7b57e9f19

SHA1
45bbdc2605065ffad659d457c0b5135942bd98fe

SHA256
bb7426d6a121dd17062d25a2724454cbb8385f53953f88c228cb1008a3cae1c1

SHA512
bc781286376fc4cbb9155b041911c3579052e73b3c614e73f4aa06f923c9d6c28fb56fcd87b8968a69ec47c706372c8ff29acc36295f8ef0a194f003901e7f83

Download Submit
memory/2608-80-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/2608-164-0x000000007452E000-0x000000007452F000-memory.dmp

Filesize
4KB

Download
memory/2608-82-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2608-166-0x000000006E720000-0x000000006E85C000-memory.dmp

Filesize
1.2MB

Download
memory/2608-89-0x000000006E720000-0x000000006E85C000-memory.dmp

Filesize
1.2MB

Download
memory/2608-81-0x0000000000E00000-0x0000000000E18000-memory.dmp

Filesize
96KB

Download
memory/2608-84-0x00000000005B0000-0x00000000005BA000-memory.dmp

Filesize
40KB

Download
memory/2608-165-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2608-83-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download