Resubmissions

05-09-2023 01:34

230905-by5lrsch46 10

Analysis

  • max time kernel
    65s
  • max time network
    77s
  • platform
    windows7_x64
  • resource
    win7-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win7-20240508-en, locale:en-us, os:windows7-x64, system
  • submitted
    24-05-2024 01:20

General

  • Target

    d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d.exe

  • Size

    2.5MB

  • MD5

    83bb427fb0c1d78cf27f7f7b3a0ddb51

  • SHA1

    c6add026998074678ff17a77200bc9433b12e410

  • SHA256

    d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d

  • SHA512

    8adc548873fc57732a99f48e69716e7d74bb2abf59904b86cc0e282f1a3b37a47fe84d7d94518973960c3d079c7c739926fb35d7bb09a25a48c5f02e30a6c1d2

  • SSDEEP

    49152:kWhSV4BfJXAEgs3OaQCU+bzbDP4Fnbo8AdmkugFtWZ/q4xCl+gbAC8J:kWhSeBfKExOaQ6vP4dW0CWZ/q43gclJ

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d.exe
    "C:\Users\Admin\AppData\Local\Temp\d7deda9897282437fa0da638c09ce0a66a147d6c0ff6e05e5694eff45072a48d.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1956
    • C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\System32\regsvr32.exe" -U -s .\Z3UQNGA5.78
      2⤵
      • Loads dropped DLL
      PID:2068

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\Z3UQNGA5.78

    Filesize

    2.1MB

    MD5

    5dfcb241b7de6db07e66f74011f5da37

    SHA1

    399c362ae5ccf758ecabbc9ec71a8b653d86186d

    SHA256

    0874659ed8ac8d80c4b54db37480af6563009eaaf6dec8dde14c18119516149c

    SHA512

    86cacba0f897499ec8120435241685cdd260875ff57b1a8dbf16122d9f2d7ec38c798df1f1dda738813bfd5a332c40d10eff5a06319f35b1ea6dd51a36d6266b

  • memory/2068-4-0x0000000002390000-0x00000000025B2000-memory.dmp

    Filesize

    2.1MB

  • memory/2068-5-0x0000000002390000-0x00000000025B2000-memory.dmp

    Filesize

    2.1MB

  • memory/2068-8-0x00000000025C0000-0x00000000026BD000-memory.dmp

    Filesize

    1012KB

  • memory/2068-9-0x0000000000A40000-0x0000000000B25000-memory.dmp

    Filesize

    916KB

  • memory/2068-12-0x0000000000A40000-0x0000000000B25000-memory.dmp

    Filesize

    916KB

  • memory/2068-13-0x0000000002390000-0x00000000025B2000-memory.dmp

    Filesize

    2.1MB

  • memory/2068-16-0x0000000000A40000-0x0000000000B25000-memory.dmp

    Filesize

    916KB

  • memory/2068-17-0x0000000002A30000-0x0000000004B05000-memory.dmp

    Filesize

    32.8MB

  • memory/2068-18-0x0000000004B10000-0x0000000004BE6000-memory.dmp

    Filesize

    856KB

  • memory/2068-19-0x0000000004BF0000-0x0000000004CC9000-memory.dmp

    Filesize

    868KB

  • memory/2068-20-0x0000000004BF0000-0x0000000004CC9000-memory.dmp

    Filesize

    868KB

  • memory/2068-22-0x0000000004BF0000-0x0000000004CC9000-memory.dmp

    Filesize

    868KB

  • memory/2068-23-0x0000000000130000-0x0000000000131000-memory.dmp

    Filesize

    4KB

  • memory/2068-24-0x0000000000150000-0x0000000000154000-memory.dmp

    Filesize

    16KB