Overview
overview
9Static
static
7sapphire_cracked.rar
windows7-x64
3sapphire_cracked.rar
windows10-2004-x64
config.toml
windows7-x64
3config.toml
windows10-2004-x64
3crack.dll
windows7-x64
9crack.dll
windows10-2004-x64
9data/asset...g.json
windows7-x64
3data/asset...g.json
windows10-2004-x64
3data/asset...d.json
windows7-x64
3data/asset...d.json
windows10-2004-x64
3loader.exe
windows7-x64
9loader.exe
windows10-2004-x64
9main.exe
windows7-x64
7main.exe
windows10-2004-x64
7output/fil...ha.txt
windows7-x64
1output/fil...ha.txt
windows10-2004-x64
1output/fil...id.txt
windows7-x64
1output/fil...id.txt
windows10-2004-x64
1Analysis
-
max time kernel
121s -
max time network
124s -
platform
windows7_x64 -
resource
win7-20240419-en -
resource tags
arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system -
submitted
22-05-2024 07:38
Behavioral task
behavioral1
Sample
sapphire_cracked.rar
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
sapphire_cracked.rar
Resource
win10v2004-20240426-en
Behavioral task
behavioral3
Sample
config.toml
Resource
win7-20240221-en
Behavioral task
behavioral4
Sample
config.toml
Resource
win10v2004-20240508-en
Behavioral task
behavioral5
Sample
crack.dll
Resource
win7-20231129-en
Behavioral task
behavioral6
Sample
crack.dll
Resource
win10v2004-20240508-en
Behavioral task
behavioral7
Sample
data/assets/config.json
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
data/assets/config.json
Resource
win10v2004-20240508-en
Behavioral task
behavioral9
Sample
data/assets/soundboard.json
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
data/assets/soundboard.json
Resource
win10v2004-20240508-en
Behavioral task
behavioral11
Sample
loader.exe
Resource
win7-20240508-en
Behavioral task
behavioral12
Sample
loader.exe
Resource
win10v2004-20240426-en
Behavioral task
behavioral13
Sample
main.exe
Resource
win7-20240419-en
Behavioral task
behavioral14
Sample
main.exe
Resource
win10v2004-20240508-en
Behavioral task
behavioral15
Sample
output/filter/captcha.txt
Resource
win7-20240508-en
Behavioral task
behavioral16
Sample
output/filter/captcha.txt
Resource
win10v2004-20240508-en
Behavioral task
behavioral17
Sample
output/filter/invalid.txt
Resource
win7-20240215-en
Behavioral task
behavioral18
Sample
output/filter/invalid.txt
Resource
win10v2004-20240426-en
General
-
Target
main.exe
-
Size
17.5MB
-
MD5
92f642212cdbe6ac3a8e6f48243a2489
-
SHA1
6c5b3c6fa506dc92cd0bb4aa36dc4ccdac77a727
-
SHA256
ef24286fb0f5c05f739109f955521ae44bc74b52414c05722a06daccc07ca4e6
-
SHA512
0af07851e1d2f014efe2ca6a943999cb746fa595dca564b18d3226bbb4866f4c4c642d6eaa2126297cbcb11fdcaa6c721a24c44d678aa643e1e2a32029480e95
-
SSDEEP
393216:oJT9O22UETklFz4Uu1u2u+rJvtNqe6ZNIllZEzhtMkQ:oJhTETklx4Uu1xfd1Km/EzhvQ
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
main.exepid process 2604 main.exe -
Loads dropped DLL 2 IoCs
Processes:
main.exemain.exepid process 1968 main.exe 2604 main.exe -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
main.exedescription pid process target process PID 1968 wrote to memory of 2604 1968 main.exe main.exe PID 1968 wrote to memory of 2604 1968 main.exe main.exe PID 1968 wrote to memory of 2604 1968 main.exe main.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\main.exe"C:\Users\Admin\AppData\Local\Temp\main.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1968 -
C:\Users\Admin\AppData\Local\Temp\onefile_1968_133608371986580000\main.exe"C:\Users\Admin\AppData\Local\Temp\main.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2604
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5.5MB
MD558e01abc9c9b5c885635180ed104fe95
SHA11c2f7216b125539d63bd111a7aba615c69deb8ba
SHA256de1b95d2e951fc048c84684bc7df4346138910544ee335b61fc8e65f360c3837
SHA512cd32c77191309d99aeed47699501b357b35669123f0dd70ed97c3791a009d1855ab27162db24a4bd9e719b68ee3b0539ee6db88e71abb9a2d4d629f87bc2c081
-
Filesize
15.0MB
MD5b47518a173e1dd0c6064a0e4c19b16dd
SHA163e59684ffe68cf6491fdc8e0ada2beac232456e
SHA256eef1b2d466cfd73df414c4088a7f0b85bec5afc1cb7eedb529223032269704be
SHA512814a00260d125ca08887c5e405eddfa2fee5bb57e155ceb15c20c50d88144ab6c3a3c08c23a9a82e7bcdf0dd3a4199880d2a2d45d7978595dd4fdb174c7c9a8a