c26d121b096af68fc785a4e7fbd821c0c63a64abd2a64c9abf237fe98d0ddf42

Analysis

max time kernel
122s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 19:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MSK203.exe
Size

495KB
MD5

672127d627b0d1ffdc8f4f6a7f6a4697
SHA1

965c08f135e270201ca61122955104c0de39ad9f
SHA256

c26d121b096af68fc785a4e7fbd821c0c63a64abd2a64c9abf237fe98d0ddf42
SHA512

f3e6c7837c767944d7e14cac75e5844fa217cfdc3d6dcae575a7d0ad2740617cce9e53e6b28f947114708361570972150737c9c1e3663b5b3ee9fd55a2d6a746
SSDEEP

12288:Pbm37Owct5ERd1ZRad1I5eA2bZxeyCNNrmj:Pbms5EP1CAsZxse

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

Processes:

MSK203.exe

pid process

2184 MSK203.exe
2184 MSK203.exe
Drops file in Windows directory 1 IoCs

Processes:

MSK203.exe

description ioc process

File opened for modification C:\Windows\Fonts\Apoplektikerens\Chateaubriand.Exi MSK203.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

1308 2184 WerFault.exe MSK203.exe

pid	process
2184	MSK203.exe
2184	MSK203.exe

description	ioc	process
File opened for modification	C:\Windows\Fonts\Apoplektikerens\Chateaubriand.Exi	MSK203.exe

pid	pid_target	process	target process
1308	2184	WerFault.exe	MSK203.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

MSK203.exe

description	pid	process	target process
PID 2184 wrote to memory of 1308	2184	MSK203.exe	WerFault.exe
PID 2184 wrote to memory of 1308	2184	MSK203.exe	WerFault.exe
PID 2184 wrote to memory of 1308	2184	MSK203.exe	WerFault.exe
PID 2184 wrote to memory of 1308	2184	MSK203.exe	WerFault.exe

C:\Users\Admin\AppData\Local\Temp\MSK203.exe
"C:\Users\Admin\AppData\Local\Temp\MSK203.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 540
2⤵
- Program crash
PID:1308

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsd7F02.tmp
Filesize
10B

MD5
9a53fc1d7126c5e7c81bb5c15b15537b

SHA1
e2d13e0fa37de4c98f30c728210d6afafbb2b000

SHA256
a7de06c22e4e67908840ec3f00ab8fe9e04ae94fb16a74136002afbaf607ff92

SHA512
b0bffbb8072dbdcfc68f0e632f727c08fe3ef936b2ef332c08486553ff2cef7b0bcdb400e421a117e977bb0fac17ce4706a8097e32d558a918433646b6d5f1a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F02.tmp
Filesize
24B

MD5
60f65c2cd21dde8cc4ce815633d832e0

SHA1
c1196320458557d8c4f65ba6810953b1037a822b

SHA256
7f0f042b1879b1b8f04a5e6051e577a1e691ec322789c4d98d52494cfd906ce7

SHA512
301ead9a6620deccb0be51bbe4eb760ca9d48d029cded0c6cdc7115a4353f4d9330f2ca92df2519a78a7d5aa24975ca6fa19c0269cc411026739b3f733f8d8f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F02.tmp
Filesize
31B

MD5
bebdffa37358b59c6d03d4e3947c6f6c

SHA1
bb3d6a0095f4d6d2dac15bb64ffd4775952bf547

SHA256
3e3573216f1f8de74e0c00566b297b31f2c5b0e1015114d370fb84cfcdbe97d3

SHA512
651f98e9cf38c74647806c574f807c6a84d3b60c25aa701c00ad0cac409ff99fa490169ee033ba4ab1aa97dd8010c887d21d1dd1219bbfe5ae81ab39991efdbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F02.tmp
Filesize
52B

MD5
5d04a35d3950677049c7a0cf17e37125

SHA1
cafdd49a953864f83d387774b39b2657a253470f

SHA256
a9493973dd293917f3ebb932ab255f8cac40121707548de100d5969956bb1266

SHA512
c7b1afd95299c0712bdbc67f9d2714926d6ec9f71909af615affc400d8d2216ab76f6ac35057088836435de36e919507e1b25be87b07c911083f964eb67e003b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F51.tmp
Filesize
2B

MD5
25bc6654798eb508fa0b6343212a74fe

SHA1
15d5e1d3b948fd5986aaff7d9419b5e52c75fc93

SHA256
8e5202705183bd3a20a29e224499b0f77a8273ee33cd93cca71043c57ad4bdfc

SHA512
5868c6241ed3cfcc5c34bfe42e4b9f5c69e74975e524771d8c9f35cafc13fd01cd943ec4d8caefee79a1f4a457e69d20b7a86f88db83a5bc3e6bd8a619972898

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F51.tmp
Filesize
6B

MD5
50484c19f1afdaf3841a0d821ed393d2

SHA1
c65a0fb7e74ffd2c9fc3a0f9aacb0f6a24b0a68b

SHA256
6923dd1bc0460082c5d55a831908c24a282860b7f1cd6c2b79cf1bc8857c639c

SHA512
d51a20d67571fe70bcd6c36e1382a3c342f42671c710090b75fcfc2405ce24488e03a7131eefe4751d0bd3aeaad816605ad10c8e3258d72fcf379e32416cbf3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F51.tmp
Filesize
11B

MD5
f9e81875c2ac80cd228ff7615d6e6183

SHA1
bc60a68ab8522806b30affd832b5866643ec2031

SHA256
54d26d86b2ebde0a52271df5d2bcc911d881ada35d5716076d0411672f78e7b1

SHA512
6173811b6e692e85ac091f9e53ad9e392dc9853087756dae6907ae45b73704c1084ad64bb9730871b6f7dd16d871dfcf089fcf19746cbee68b783a691937d1d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F51.tmp
Filesize
18B

MD5
cd0c38af71efb097ce402c588b17ff09

SHA1
8da4e54a7b95932f752a88ea416fa31d0c7c2fbe

SHA256
1630fc3705a57982a8939a6550615a92d8998f0c3394caeca0ae3019427ec50a

SHA512
03603368dbca419de6ad8ef10bb6c9670e83f06d2b3b7d7b5ebccf255473d7abb1cca1c7e0f2c2d49cd3f84c599ee5e71b03582567c95f3f76d5e54931a6ed06

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7F51.tmp
Filesize
37B

MD5
33aa92debcc1f60e7c5854cc89fab1fa

SHA1
dfdb911fe590e83d018b61eb13c3d804a0e61a79

SHA256
11ed97cbf6f46b9d72582a923af9ce569b7546fcc9357e317566d0b4bf0bedd1

SHA512
24c749d4f77a21d79ef28986b5e906d51b2288c5c42216a3f74a484f8949cc26f1e221a8e29e358c3783f28215bde6dd196f228089b38ea72f179ef52c0f2845

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7FA0.tmp
Filesize
3B

MD5
4e27f2226785e9abbe046fc592668860

SHA1
28b18a7f383131df509f7191f946a32c5a2e410c

SHA256
01a219245e1501fee01ce0baea8f6065ce5162cea12fa570689a07c9717be81d

SHA512
2a23585835bdb5db8175cab265566042282841efdcee8aaba8b9b5d466b0f165c0c5973033ce94bb9a8f07a956689247981ea07ac5a51408263e1653d9710adb

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7FA0.tmp
Filesize
4B

MD5
cde63b34c142af0a38cbe83791c964f8

SHA1
ece2b194b486118b40ad12c1f0e9425dd0672424

SHA256
65e2d70166c9a802b7ad2a87129b8945f083e5f268878790a9d1f1c03f47938d

SHA512
0559d3d34ad64ccc27e685431c24fc6ead0f645db14fa0e125a64fb67dbd158c15432c1fc5407811aac8a3486090dfbcfcbc3c6bf5aa0ec73f979ef62d14853c

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7FA0.tmp
Filesize
8B

MD5
c3cb69218b85c3260387fb582cb518dd

SHA1
961c892ded09a4cbb5392097bb845ccba65902ad

SHA256
1c329924865741e0222d3ead23072cfbed14f96e2b0432573068eb0640513101

SHA512
2402fffeb89c531db742bf6f5466eee8fe13edf97b8ecfc2cace3522806b322924d1ca81dda25e59b4047b8f40ad11ae9216e0a0d5c7fc6beef4368eb9551422

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7FA0.tmp
Filesize
46B

MD5
da929d19f398863dcdf31179e9773367

SHA1
3430349937c4e8e55d2ad78d703038a5c607fffe

SHA256
e188cbf5bd95c1cac9d09b387da10217f0cb0c02346b22b5946980e8a50790ee

SHA512
448c275033a62c788c0b5c9966c04b627db001fa5068ffff054c9f7c0a1dbfa05e0545c109ce86da3a8c55a977b53952934891fba3d8a43a94a48c9cda6c6cb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsd7FA0.tmp
Filesize
56B

MD5
2c77bbd52333e4144ba070082eac42d6

SHA1
d5570ca72f198bd75e1f0d241f0dd69986877ea4

SHA256
54695e5022b16a8b57b4995eabb2d2b2212e0f3fc6ddad15cb2bbc5798fa3c04

SHA512
c800b128aee9e19cfa614be129deed3a440263ff5b58d801e4929ceebf5a930eba8efe948c70e163294a4dabe993a6dcc24f3ca3cef859877da852919dce4162

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7E93.tmp
Filesize
53B

MD5
6601def372fd604346cc14113dbe6c2f

SHA1
55b5e2406ef28e7c45a60acc6f90795cc088493d

SHA256
f4bf549b30bb96f31c7aec31e319438324daac5f7483e906beadb08ce285bb0c

SHA512
4eae5d296860b66377467aea0e6b6077f2bd993c151c29e2d1428c1d262c49ab4f8ef91cc6a7857f9054a1c86c59f08b8d9168754f5e66f021c2d4a05fffb451

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsy7E93.tmp
Filesize
26B

MD5
bc970bd8ec8acf8ac1ada9e444673a39

SHA1
6c03dfa1c2595129e8e0e2428fceb0f2df7f82a7

SHA256
0092de36b51381e4fe5e613bdbae906f0c6e8691fec4a93f82b876f1af826648

SHA512
c3fc2d8b396b6753759b532bb9e91d015a039476ec2cf8abcd4c6d4d32b9305146752743692486bd4e3984325a7e9c6db0ff4d902c2879993789573f9cdca3b0

Download Submit
\Users\Admin\AppData\Local\Temp\nso7EF2.tmp\System.dll
Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit