93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4

Analysis

max time kernel
122s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23/05/2024, 01:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe
Size

821KB
MD5

c7ae7bfda7f71b76c6f3213cfe94529e
SHA1

eebcb778056a8fa9a33255141d70ffac41523caf
SHA256

93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4
SHA512

70326a8b9f6c7d99f82e32f0116b23e2b879bbea3235b03e7510a080ffbbeabc2620b09be4406a2a2b28b62c0679a3ee56e39b7398991693c80da0d84fe43fd2
SSDEEP

12288:8bBFvUojlMVWIhWL7Uc8Eh8xn8mWpXS0iNrmY:8bPvUohIWIhko9xnVWpCH

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 2 IoCs

pid	Process
2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe
2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Fonts\Apoplektikerens\Chateaubriand.Exi	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2884	2032	WerFault.exe	27

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 2884	2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe	28
PID 2032 wrote to memory of 2884	2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe	28
PID 2032 wrote to memory of 2884	2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe	28
PID 2032 wrote to memory of 2884	2032	93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe	28

C:\Users\Admin\AppData\Local\Temp\93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe
"C:\Users\Admin\AppData\Local\Temp\93b75e7f99768d86cb26282a3164d806d36a2c890fb7d367f0cf389a75d304d4.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 524
  2⤵
  - Program crash
  PID:2884

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\nsi2627.tmp

Filesize
74B

MD5
16d513397f3c1f8334e8f3e4fc49828f

SHA1
4ee15afca81ca6a13af4e38240099b730d6931f0

SHA256
d3c781a1855c8a70f5aca88d9e2c92afffa80541334731f62caa9494aa8a0c36

SHA512
4a350b790fdd2fe957e9ab48d5969b217ab19fc7f93f3774f1121a5f140ff9a9eaaa8fa30e06a9ef40ad776e698c2e65a05323c3adf84271da1716e75f5183c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2627.tmp

Filesize
34B

MD5
44faec7c0702b7ef4cda5820a608da0a

SHA1
10313d20436f6968228a07ad4dfad29f37e6532d

SHA256
c9eb8d8cea8dd215bb20f4674c6b4b3ea865cc9390eb982c501af89142dfd95d

SHA512
dd2bf84c8609abd2f9acc8f45ead13f65f2f804cc2951774b857c0a86616d2a4656a88af4d8277e71bb3bf34afd065ed4dd62577f215f8e4b2f6683967db3a39

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2677.tmp

Filesize
9B

MD5
2b3884fe02299c565e1c37ee7ef99293

SHA1
d8e2ef2a52083f6df210109fea53860ea227af9c

SHA256
ae789a65914ed002efb82dad89e5a4d4b9ec8e7faae30d0ed6e3c0d20f7d3858

SHA512
aeb9374a52d0ad99336bfd4ec7bb7c5437b827845b8784d9c21f7d96a931693604689f6adc3ca25fad132a0ad6123013211ff550f427fa86e4f26c122ac6a0fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi2677.tmp

Filesize
52B

MD5
5d04a35d3950677049c7a0cf17e37125

SHA1
cafdd49a953864f83d387774b39b2657a253470f

SHA256
a9493973dd293917f3ebb932ab255f8cac40121707548de100d5969956bb1266

SHA512
c7b1afd95299c0712bdbc67f9d2714926d6ec9f71909af615affc400d8d2216ab76f6ac35057088836435de36e919507e1b25be87b07c911083f964eb67e003b

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi26C6.tmp

Filesize
1B

MD5
8ce4b16b22b58894aa86c421e8759df3

SHA1
13fbd79c3d390e5d6585a21e11ff5ec1970cff0c

SHA256
8254c329a92850f6d539dd376f4816ee2764517da5e0235514af433164480d7a

SHA512
2af8a9104b3f64ed640d8c7e298d2d480f03a3610cbc2b33474321ec59024a48592ea8545e41e09d5d1108759df48ede0054f225df39d4f0f312450e0aa9dd25

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi26C6.tmp

Filesize
30B

MD5
69a47761d93d45d9bf170ec16939600c

SHA1
1ec8b556be40db3b506319e3a3db31192958eaad

SHA256
4a16aca549822eee4b91050aab5c8e7eab4e4891e94d822116877eda6059fc9a

SHA512
f58562440497dea06b1ddf8a2cceda2eb9a9e3390d91f061a5a348c25c79923c99c61239e64980289aa7ed570437a7bc43e27da35975c0912cc8296108b7765d

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsi26C6.tmp

Filesize
60B

MD5
2d45b071bce5847e12b6308c981e1ab7

SHA1
5bc8e983895acd8ed0d5bb4fc48355cf5871ed2c

SHA256
3e9039677f7626a652276f60ecb67b20cd004050af6d7cec32d237591254cb81

SHA512
e838c8c079a8ca453eaa5509df7fe8340329afbf6e6205938ebcac23a98514b7465e8ab7cc9e1be1af10423ab87c8f1797013b58dffcc3d29a35a792d8f05ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2706.tmp

Filesize
35B

MD5
17e268c373d92fc1c1bf3a5417fa0f97

SHA1
64345ae76bde82fa659a23f1140de96bcf2ed76e

SHA256
e3e3384a3f58b3cf593a154527a61933fac62ba0a7ca188ce750d0b25721afa2

SHA512
7f4754c2e0b643e6702c8b8d6ad460bc305034e607236062404dd936d7c32bd6f30847bb293a74d0fd542269308e9149dc1e9ff664eff2a9e1f589e04e864369

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2706.tmp

Filesize
52B

MD5
3754a9bac29a47a3a29abfa6cdf1ed45

SHA1
74bec62c6ee03c318d269dda97f4acc850994145

SHA256
1cdabf4bdb4450a9ee6f0a10208a898ae9e5a28d8f615cb22c6358846b91215a

SHA512
521bc3b31f6e5e8585ce59839e6f6cd3f2648445ffda0c9ed7960038c8b7822f50eaa8156c1ed0cd2dda0b14c326a13321338fc9fba63fba97532218da3cb898

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2706.tmp

Filesize
56B

MD5
c599d20101d8532a39fefbec3a4162a9

SHA1
6215d1abf9002230448221e1ebdcb2916df29cb3

SHA256
db2d57c0d52d8989de271b0b5440e043c7c93b4f58092de80a1c1e569f5327b2

SHA512
df32094a64597c11d96b2844ea097c960cf39901508dcdf9d0892e2879706d2b6a178d1f798a1ba22613091c79b11ba468b21ad04f7856c8be3cfd517330df93

Download Submit
C:\Users\Admin\AppData\Local\Temp\nst2755.tmp

Filesize
29B

MD5
494d0d159b1e574f09fe79bda72f9c7c

SHA1
257a74558f794976d51b62a2af3b8e8e0bf8d999

SHA256
aafe3e506b4a9cdc77a876716f2ca016314e4529646d588cd6ee1b8573bbcd28

SHA512
93adc30e04f5d3f5f6e0372c77d20c148322717d53ca923145d2428ee960158eafed406e9af4996ce969c69b5b690c1758a3857891fb74e27c2f1685aa4ba0a6

Download Submit
\Users\Admin\AppData\Local\Temp\nsd2657.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit