Overview

overview

7

Static

static

3

2d16694929...c7.exe

windows7-x64

7

2d16694929...c7.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    117s
  • max time network
    117s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    14-05-2024 20:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2d16694929a453e2eb8b2bf1ed8b38d33088e8b1e53ab9b28fe03aa71c8879c7.exe

  • Size

    253KB

  • MD5

    463a2e0261af91c6382b3544f4a83218

  • SHA1

    39211c51d41cd5c1eda07b8e7ec240c58f855ea7

  • SHA256

    2d16694929a453e2eb8b2bf1ed8b38d33088e8b1e53ab9b28fe03aa71c8879c7

  • SHA512

    6d1720d22f0b13d347a863e974a52add88e7fedb9fe1fcd3a3f800b5108680fe61c8da05be846b0e15dcc3f821e145b23adc5bb13e6399c0e34a5d4047acbae1

  • SSDEEP

    6144:72Ked8cbc1jEPTYZxZs0g+/9lUdDRN8KrAZkX:7Od8d1I7H0gYlUb2KrA0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 6 IoCs
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in Program Files directory 23 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 5 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2d16694929a453e2eb8b2bf1ed8b38d33088e8b1e53ab9b28fe03aa71c8879c7.exe
    "C:\Users\Admin\AppData\Local\Temp\2d16694929a453e2eb8b2bf1ed8b38d33088e8b1e53ab9b28fe03aa71c8879c7.exe"
    1⤵
    • Loads dropped DLL
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2056
    • C:\Program Files (x86)\inst.exe
      "C:\Program Files (x86)\inst.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:2108
      • C:\Program Files (x86)\Setup.exe
        "C:\Program Files (x86)\Setup.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:2744
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c 2.bat
          4⤵
            PID:2476
          • C:\Windows\SysWOW64\cmd.exe
            cmd /c 2.bat
            4⤵
              PID:1816
            • C:\Windows\SysWOW64\cmd.exe
              cmd /c C:\Windows\1.bat
              4⤵
                PID:2620

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\2.bat
          Filesize

          63B

          MD5

          7a5ef541101aa137761b97648b28388d

          SHA1

          94c099dab0afeaca95b81caa49da0f0f9b686300

          SHA256

          2d4a5979fd43a7d3ed4ad6927a94cb52490fec7df5e3772a2eb1728e0fb0feb4

          SHA512

          8e4cf46b8e949dbe56284351af8367f2af1409a4f0d078193c0a9f176215e48a412816b7d37968bd4ef932a700232b548bb3f432d8d57863b49b1c809bc83f9b

          Download Submit

        • C:\Program Files (x86)\2.bat
          Filesize

          64B

          MD5

          86c984586a442fb30a1f94ebd5b15e26

          SHA1

          aa73c4943a01e784015478a7ca22a0d431b16a8f

          SHA256

          f158a0030f9e45814ab6b911464b47063a5f840aadfe90eee713ffed5e2fbe73

          SHA512

          d649a3c9ef7955c83273b4fb05375242ae1826bb2278ccc75e2afd58e680af284ad8886ae10d645889d26ffa99a4a7353f85cc57bcc4c35f8095848defa6bd7c

          Download Submit

        • C:\Program Files (x86)\Setup.exe
          Filesize

          73KB

          MD5

          be261dfe7bbabba9423df6318cf14b89

          SHA1

          9bf530e56186edf78529b327809a7e3235312fcf

          SHA256

          c1a2c5f119d7357e6186cb6fa3a32605071d9c2867fb745dc29803491a1951dd

          SHA512

          3f2f9336c4b0dcfafb73fb4c176749fab04490b887f108baa254d8e7539650e43e9e2cb104a41671b26ee0a04707a681d3c9a05910b4d81875a3856a873648ff

          Download Submit

        • C:\Windows\1.bat
          Filesize

          108B

          MD5

          873a385671e5ee759c2c37aa43612c81

          SHA1

          9b2e38b4b67cb6fad43c2ebd7470aa8e07951028

          SHA256

          0efacaad4069490acbf85700fe9db6512d8498ac3393b85564704df614cf9880

          SHA512

          ccd9f4425ca1298e74edfc2f85b27085c70ea6ef5a2e2e5a87ac262ef0d65196a830036a6d1865d16d340be977f3eb16a3391e55e8466909270a7fd509504410

          Download Submit

        • \Program Files (x86)\inst.exe
          Filesize

          100KB

          MD5

          97afe8f1678a4f59a27670b1b39a8668

          SHA1

          05161cfa8d65f54879b3061e3fb4edb6957bf33f

          SHA256

          7279719962f15e59be8e40e6a3c433763c23c2dc2adc610f49b93f1cd3c4def3

          SHA512

          0a39401cc776c04b2bd5f218cde5da4484e6f82db8af9dd7b44ab2fadfae06fcee28cf18bc146cd2e0464a1f447ff22acfd6ab91547df47ef58b7cfac3345fcf

          Download Submit

        • \Windows\Help\F3C74E3FA248.dll
          Filesize

          59KB

          MD5

          d3fe16e8a55519695196740fbd4b94db

          SHA1

          ff4700b881a7cd347fc41b4bac221810dc3f7b40

          SHA256

          a3f6f17dbe328b66ad9d5ea309abbfbadcae1b88aa2983493141c3bf721bd4cc

          SHA512

          2fa31c5bd35278ee64139bec0ed67ae76ddffc7236bab15a6d841b250df7b27d17501d928a11bc946d8553636e76fdeb1d3c864c23e787ec62e3648ad3613681

          Download Submit

        • memory/2056-21-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2108-25-0x0000000003820000-0x0000000003852000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2108-27-0x0000000000400000-0x0000000000421000-memory.dmp

          Filesize

          132KB

          Download

        • memory/2744-32-0x00000000002B0000-0x00000000002E2000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2744-40-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2744-35-0x000000000041D000-0x000000000041E000-memory.dmp

          Filesize

          4KB

          Download

        • memory/2744-33-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2744-64-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

          Download

        • memory/2744-28-0x0000000000400000-0x0000000000432000-memory.dmp

          Filesize

          200KB

          Download