1002a385738783d1a4594e84b95d01fd241536ab7a1fd4f99b1ee13f49f6db9d

Analysis

max time kernel
359s
max time network
361s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windowsdesktop-runtime-6.0.27-win-x64.exe
Size

54.6MB
MD5

d6d5ec50cc606d19651cd3e69911a51f
SHA1

f45ba5596de84abef7b3ec4857a6b4e9f2f4b92b
SHA256

1002a385738783d1a4594e84b95d01fd241536ab7a1fd4f99b1ee13f49f6db9d
SHA512

8927e3bcda1f439af84af0cb41fefc38c4386297eb463ddc7dd835d98502e63e0ba06a0732b02939a981644d8afad1d77036b6ac38d348c1cd29cf691cb80da7
SSDEEP

1572864:kfIbCsGSR84vql2mQw19ECV7YyVuunDzuslEQz6flmTq:MN4vqluw15Vsy4+Dfh6f4u

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

windowsdesktop-runtime-6.0.27-win-x64.exe

pid process

2268 windowsdesktop-runtime-6.0.27-win-x64.exe
Loads dropped DLL 2 IoCs

Processes:

windowsdesktop-runtime-6.0.27-win-x64.exewindowsdesktop-runtime-6.0.27-win-x64.exe

pid process

2280 windowsdesktop-runtime-6.0.27-win-x64.exe
2268 windowsdesktop-runtime-6.0.27-win-x64.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

pid	process
2268	windowsdesktop-runtime-6.0.27-win-x64.exe

pid	process
2280	windowsdesktop-runtime-6.0.27-win-x64.exe
2268	windowsdesktop-runtime-6.0.27-win-x64.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

windowsdesktop-runtime-6.0.27-win-x64.exe

description	pid	process	target process
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe
PID 2280 wrote to memory of 2268	2280	windowsdesktop-runtime-6.0.27-win-x64.exe	windowsdesktop-runtime-6.0.27-win-x64.exe

C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.27-win-x64.exe
"C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.27-win-x64.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2280

C:\Windows\Temp\{FEB5E1F3-DDFE-4C8F-B0C6-289567B56CF3}\.cr\windowsdesktop-runtime-6.0.27-win-x64.exe
"C:\Windows\Temp\{FEB5E1F3-DDFE-4C8F-B0C6-289567B56CF3}\.cr\windowsdesktop-runtime-6.0.27-win-x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\windowsdesktop-runtime-6.0.27-win-x64.exe" -burn.filehandle.attached=180 -burn.filehandle.self=188
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2268

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{C65BCF41-9729-4C9E-9C68-A4B231011F81}\.ba\bg.png
Filesize
4KB

MD5
9eb0320dfbf2bd541e6a55c01ddc9f20

SHA1
eb282a66d29594346531b1ff886d455e1dcd6d99

SHA256
9095bf7b6baa0107b40a4a6d727215be077133a190f4ca9bd89a176842141e79

SHA512
9ada3a1757a493fbb004bd767fab8f77430af69d71479f340b8b8ede904cc94cd733700db593a4a2d2e1184c0081fd0648318d867128e1cb461021314990931d

Download Submit
\Windows\Temp\{C65BCF41-9729-4C9E-9C68-A4B231011F81}\.ba\wixstdba.dll
Filesize
197KB

MD5
4356ee50f0b1a878e270614780ddf095

SHA1
b5c0915f023b2e4ed3e122322abc40c4437909af

SHA256
41a8787fdc9467f563438daba4131191aa1eb588a81beb9a89fe8bd886c16104

SHA512
b9e482efe9189683dabfc9feff8b386d7eba4ecf070f42a1eebee6052cfb181a19497f831f1ea6429cfcce1d4865a5d279b24bd738d702902e9887bb9f0c4691

Download Submit
\Windows\Temp\{FEB5E1F3-DDFE-4C8F-B0C6-289567B56CF3}\.cr\windowsdesktop-runtime-6.0.27-win-x64.exe
Filesize
610KB

MD5
6c8ed77c12655d3f2b2f4df125e6c821

SHA1
cc9ef970080404cf483de035a94b2cab665081f6

SHA256
07283c73776c39ccd007064ee573ba5f35db0e6d70b8194a94ff7c0b663d6203

SHA512
ea522f076cd6f060636f2a3f04d954633b595768b229650abd3e8fdc9b59f4762793aa18cecc8fa133e3ff02e72b70e457782c58917079edc6df9ae19b401193

Download Submit