24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c

Analysis

max time kernel
119s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
21-05-2024 19:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe
Size

1.9MB
MD5

83a5cbe75e78ad4c7232f85a4fe0833f
SHA1

256a83a9c745a4b4d648654a5b97a529f2f463b4
SHA256

24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c
SHA512

66966ad48a27f013d6f53386baf00b70d2afc9fbdb0dc98e628928e9066a41a8da497b572b18e384d8d08d42f2fa2be2adaf1f0388b6acc2aa1811b2d540dd14
SSDEEP

49152:jmoGDPt1mEQJPA8cIZ3eXx5g5R6xKAgAU5Km:jmoSEEQDJZExiHoKAlm

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 1 IoCs

Processes:

regsvr32.exe

pid process

3044 regsvr32.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3044	regsvr32.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe

description	pid	process	target process
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe
PID 2104 wrote to memory of 3044	2104	24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe	regsvr32.exe

C:\Users\Admin\AppData\Local\Temp\24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe
"C:\Users\Admin\AppData\Local\Temp\24416850254f0b56d2a2bbe8648c60e08f5e9da3b85d8df6c684e5549f59ee9c.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2104
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\System32\regsvr32.exe" A8~c.D5 -S
  2⤵
  - Loads dropped DLL
  PID:3044

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A8~c.D5

Filesize
1.6MB

MD5
a90cf2c636dffdc2ec408a9fd2f7b04a

SHA1
075caa3aebf7db028e4837e5c2410c23bff36941

SHA256
ffd1fe1370139c864cf73782196643c748bd596080cafc20faedd3cda5c9e916

SHA512
4e41ea89c56e74382367ecee8b2208c1ef6235da53e729e630dff214838c68fe30f7a853a787e7db100a8b6033483494a135146da43b0e1ed3807bf653cb3080

Download Submit
memory/3044-4-0x0000000010000000-0x0000000010198000-memory.dmp

Filesize
1.6MB

Download
memory/3044-8-0x00000000025F0000-0x000000000270D000-memory.dmp

Filesize
1.1MB

Download
memory/3044-9-0x0000000002710000-0x0000000002811000-memory.dmp

Filesize
1.0MB

Download
memory/3044-12-0x0000000002710000-0x0000000002811000-memory.dmp

Filesize
1.0MB

Download
memory/3044-10-0x0000000002710000-0x0000000002811000-memory.dmp

Filesize
1.0MB

Download
memory/3044-13-0x0000000010000000-0x0000000010198000-memory.dmp

Filesize
1.6MB

Download
memory/3044-16-0x0000000002710000-0x0000000002811000-memory.dmp

Filesize
1.0MB

Download
memory/3044-18-0x00000000042D0000-0x00000000043C4000-memory.dmp

Filesize
976KB

Download
memory/3044-17-0x0000000002820000-0x00000000042CD000-memory.dmp

Filesize
26.7MB

Download
memory/3044-22-0x00000000043D0000-0x00000000044C2000-memory.dmp

Filesize
968KB

Download
memory/3044-19-0x00000000043D0000-0x00000000044C2000-memory.dmp

Filesize
968KB

Download
memory/3044-23-0x0000000000280000-0x0000000000291000-memory.dmp

Filesize
68KB

Download
memory/3044-24-0x00000000554C0000-0x0000000055511000-memory.dmp

Filesize
324KB

Download