Analysis

  • max time kernel
    13s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240221-en, locale:en-us, os:windows7-x64, system
  • submitted
    22-05-2024 20:32

General

  • Target
    TTDSCAMCLIENTV4.exe
  • Size
    76.7MB
  • MD5
    54dec6c887295f87f1fb0d01fdf73d8f
  • SHA1
    c7777bf58065fee312c64f2cd83c1d5c23fa2bd2
  • SHA256
    d799fd57e288d45ad583b60ed3bef30460873cf07609235667d024e158b55ba7
  • SHA512
    89611690706fd6b757b46830c1ff5019f9f29808c7b58966a7b2ee92d0d97fdb38b0f20c9beff42d1e1a2fad9205f02cb79bdbce78abd8518973645b6e9abe1b
  • SSDEEP
    1572864:ovbzj91WSk8IpG7V+VPhqb+TTE7UjxA7fEVWcRIsjHEYuMbkyyI6MWhFau6oUq4f:ovbzvWSkB05awb+TxtpEcRDkYlyvMgkd

Score
  7/10
  Tags: upx

Malware Config

Signatures

  • Loads dropped DLL (1 IoC)
  • UPX packed file (2 IoCs)
    Detects executables packed with UPX/modified UPX open source packer.
  • Suspicious use of WriteProcessMemory (3 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe
    "C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2220
    • C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe
      "C:\Users\Admin\AppData\Local\Temp\TTDSCAMCLIENTV4.exe"
      2⤵
      • Loads dropped DLL
      PID:2624

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI22202\python312.dll
    Filesize
    1.7MB
    MD5
    f23aa992b8e0a301ec8f473d6b784f4b
    SHA1
    ee73a5da238341cb21a781a3ddcb187d1f971680
    SHA256
    0ddfba7779ebc44f2fa819a78b54bc730a5543274986e973beee024fab0ecfc6
    SHA512
    028abb66298fee6173d34f80940f5bdd3988a8373234f32a780ae93e155d90af191d85164077d9b76dc3651bda4d9902ccbfd03d37be3e9662006b65c3defb35

  • memory/2624-1253-0x000007FEF62A0000-0x000007FEF6970000-memory.dmp
    Filesize
    6.8MB