827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70

Analysis

max time kernel
119s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 02:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe
Size

498KB
MD5

b5f141db965555b7373c620e248789c2
SHA1

feead1658c3cdd4153a7242e5a82f3853d692c4c
SHA256

827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70
SHA512

6589723fc3b05656f57f2d6b104d2e6f295f01dab11bb429002dcd4c676d95a8b01eeb58705bba65cc4cbf1d040dacda7a1d209b5ffb786ecf02d9299c9fe60a
SSDEEP

12288:NyAfDcgcTQhgpZBDtoRAG01LqTl2mZoixN:vDVBADt1ZKlXRN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

EXE8F35.tmp

pid process

2904 EXE8F35.tmp

pid	process
2904	EXE8F35.tmp

Loads dropped DLL 2 IoCs

Processes:

827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe

pid	process
1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe
1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

EXE8F35.tmp

pid process

2904 EXE8F35.tmp
2904 EXE8F35.tmp

pid	process
2904	EXE8F35.tmp
2904	EXE8F35.tmp

Suspicious use of WriteProcessMemory 8 IoCs

Processes:

827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exeEXE8F35.tmp

description	pid	process	target process
PID 1708 wrote to memory of 2904	1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe	EXE8F35.tmp
PID 1708 wrote to memory of 2904	1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe	EXE8F35.tmp
PID 1708 wrote to memory of 2904	1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe	EXE8F35.tmp
PID 1708 wrote to memory of 2904	1708	827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe	EXE8F35.tmp
PID 2904 wrote to memory of 2564	2904	EXE8F35.tmp	splwow64.exe
PID 2904 wrote to memory of 2564	2904	EXE8F35.tmp	splwow64.exe
PID 2904 wrote to memory of 2564	2904	EXE8F35.tmp	splwow64.exe
PID 2904 wrote to memory of 2564	2904	EXE8F35.tmp	splwow64.exe

C:\Users\Admin\AppData\Local\Temp\827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe
"C:\Users\Admin\AppData\Local\Temp\827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\EXE8F35.tmp
"C:\Users\Admin\AppData\Local\Temp\EXE8F35.tmp" "C:\Users\Admin\AppData\Local\Temp\OFM8F36.tmp" "C:\Users\Admin\AppData\Local\Temp\827432b77e382913e3f5ce8e7169bc77a7ad6b4a7f6a2dd430ec0d9c1d812e70.exe"
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2904

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
3⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\EXE8F35.tmp

Filesize
968KB

MD5
0f619e7352920d8d21926f2b715e0794

SHA1
cdd75d72647b1c75477c069b51b5f8ab5dc63e50

SHA256
e6090962c2504441c1cd5f6ee75dd5ffbddc38062f02807f0d44176d8f464381

SHA512
380592a1382f40d80839efea429619470b09fc0c0aad8666c6392d8dbd112f5e8719538fc93044454f4ce67375aaae8da59e09563b167ff8adf34240be684dae

Download Submit
C:\Users\Admin\AppData\Local\Temp\OFM8F36.tmp

Filesize
50KB

MD5
392b4a2f104138cefa8798c665ba58bd

SHA1
9206407d272c8d57d8253cbdd4611f28f282d042

SHA256
dc8a3af043ea5a435fa314776abb7c9698857bd1f0041229232ee47b1db04109

SHA512
d26e3df8d7594408cdbd181c63038f30f4af134966b810ad14312906bbf725766b5aa03132e3fd2e101f5c512337eec4833587f720fc554e3438603d10922705

Download Submit