Analysis
-
max time kernel
121s -
max time network
122s -
platform
windows7_x64 -
resource
win7-20231129-en -
resource tags
-
submitted
23-05-2024 01:17
General
-
Target
6b31cab8a40ec2efc81f957d88d01bb3df5e525397b095d09bed96e645ef7b36.exe
-
Size
118KB
-
MD5
03dbbcfe6e37ed37ddd6842032238980
-
SHA1
09a9780d93144bf5ad207e3fd31415b9a46feea7
-
SHA256
6b31cab8a40ec2efc81f957d88d01bb3df5e525397b095d09bed96e645ef7b36
-
SHA512
086e7ca4a69fee572c178c340d38c3b42119389fc44a0ec807ddf1209c769ad5e7b393b584ba3b2ec43cf2c26905fa382fcc222a3455b26604fe0111dacd4d43
-
SSDEEP
3072:nOjWuyt0ZsqsXOKofHfHTXQLzgvnzHPowYbvrjD/L7QPbg/Dr0T3rnXLHf7zjPPb:nIs9OKofHfHTXQLzgvnzHPowYbvrjD/m
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 2 IoCs
-
Loads dropped DLL 6 IoCs
-
Adds Run key to start application 2 TTPs 2 IoCs
-
Maps connected drives based on registry 3 TTPs 6 IoCs
Disk information is often read in order to detect sandboxing environments.
-
Drops file in System32 directory 12 IoCs
-
Drops file in Program Files directory 55 IoCs
-
Modifies registry class 6 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\6b31cab8a40ec2efc81f957d88d01bb3df5e525397b095d09bed96e645ef7b36.exe"C:\Users\Admin\AppData\Local\Temp\6b31cab8a40ec2efc81f957d88d01bb3df5e525397b095d09bed96e645ef7b36.exe"1⤵
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Modifies registry class
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\ctfmen.exectfmen.exe2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\smnss.exeC:\Windows\system32\smnss.exe3⤵
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Maps connected drives based on registry
- Drops file in System32 directory
- Drops file in Program Files directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
183B
MD577b1ea7ab10ee4d3129ccf35d3d0a882
SHA1e12b3940877f5d6e0a60deb6a16d626246f034e8
SHA256570a073604bcfef58ac59cf9daab699afbbe95cb05221bae9b3b95b8f2adf247
SHA512ea418ec3e424ccec435bca3bde0154afb106435b7e34de00c4f9de9cc9dd9c5ab4a3777019e1805d20eabde7083d411c944434b07442bb6f5837e8a0c1b1abad
-
Filesize
4KB
MD540ce0c98aa565d246174fc404558ea91
SHA16bdf6fd3c769e9ec86104801efb14b75a84778da
SHA256fd09cdef2ec971c8a0383fb6f749edaf324aa5f220fc592f87c905ee1fa4c42e
SHA5125f6ecabd5445a50628d71e081c7fb64e5b86b5c80e7df6ee0969706944c402c9deb196a2cfa22db90e859a534b7b4ca2325609f19417d31dfc64435c5c2003ed
-
Filesize
8KB
MD54e2b674f7039b51c3a0661b47bf26da8
SHA186983a9e3dcd8291b08df750059d8ac74f4bf8cc
SHA256c3acd49b06d1c94431d024e1ebdb4a4338b5747832aaf26f9c6fe41b613dabca
SHA5126ef21cb7206ab9733435b2d4fb89a340501efe468dbe09b8c756408fc3ac4b7a7fa6aba520d52a7dcb4145f9c97c9ac83fe33986d90def5ba8455a8b1df3e30b
-
Filesize
118KB
MD5f7aa07f9a9e514f1ff818a629a3d7915
SHA1de3cea9baa0e7d5052538d376c86c79b78bf6cbe
SHA2564f7a7465e7b02cd622ae792ceb18e6df60ec1f9ea7ad4d37a5645dec047934c7
SHA512725b6589a42ed38014433cb5e1748c70626cf86a45a3c551cbc4795da02fa83596fe16faaa83d212599f2bbdecbb449f4bd98fc07844d9ae9ae3eadc2559bdeb
-
Filesize
124KB
-
Filesize
52KB
-
Filesize
124KB
-
Filesize
36KB
-
Filesize
52KB
-
Filesize
36KB
-
Filesize
124KB
-
Filesize
52KB
-
Filesize
124KB