dc4aa0cfe4379b2ae5a8d10a81f7d04f45a8060765dad726a19ec0b2e881c7c9

Analysis

max time kernel
23s
max time network
20s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
27-05-2024 23:33

Target

sdcheck/SeedsChecker.exe
Size

10.5MB
MD5

5f7e0d25b165b9afcc3e6ca2bb135a47
SHA1

72cbc2583a2dd5078a0edb83b153f38fb5ddb085
SHA256

b94bb64c9f1e39f900c095b2034d3302a2a1cfeca08096ac71ecd24b5a25c61d
SHA512

fd87ba28b3cd39b7938eba27d95588cacb51dd3e46c5f79282f3a2693e78387c1032b58b1186eae052a4d33680863c609588888dff46a3fb2542860eda4329fc
SSDEEP

196608:BVE0qzgg7MlG6g4kpQbjHqsQLTJeriQAu8VAbC7EzpIjtoTSam0nuYaf:BV5qz7J6gKbjq1d4iFuE+CQzpI2+l0nu

Score

7^/10

Executes dropped EXE 2 IoCs

Processes:

EUgNJfrbZv.exeSeedsChecker (1).exe

pid process

1760 EUgNJfrbZv.exe
2916 SeedsChecker (1).exe
Loads dropped DLL 4 IoCs

Processes:

SeedsChecker.exeWerFault.exe

pid process

1300 SeedsChecker.exe
2512 WerFault.exe
2512 WerFault.exe
2512 WerFault.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
1760	EUgNJfrbZv.exe
2916	SeedsChecker (1).exe

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

SeedsChecker.exeSeedsChecker (1).exeEUgNJfrbZv.exe

description	pid	process	target process
PID 1300 wrote to memory of 1760	1300	SeedsChecker.exe	EUgNJfrbZv.exe
PID 1300 wrote to memory of 1760	1300	SeedsChecker.exe	EUgNJfrbZv.exe
PID 1300 wrote to memory of 1760	1300	SeedsChecker.exe	EUgNJfrbZv.exe
PID 1300 wrote to memory of 2916	1300	SeedsChecker.exe	SeedsChecker (1).exe
PID 1300 wrote to memory of 2916	1300	SeedsChecker.exe	SeedsChecker (1).exe
PID 1300 wrote to memory of 2916	1300	SeedsChecker.exe	SeedsChecker (1).exe
PID 2916 wrote to memory of 2512	2916	SeedsChecker (1).exe	WerFault.exe
PID 2916 wrote to memory of 2512	2916	SeedsChecker (1).exe	WerFault.exe
PID 2916 wrote to memory of 2512	2916	SeedsChecker (1).exe	WerFault.exe
PID 1760 wrote to memory of 2560	1760	EUgNJfrbZv.exe	WerFault.exe
PID 1760 wrote to memory of 2560	1760	EUgNJfrbZv.exe	WerFault.exe
PID 1760 wrote to memory of 2560	1760	EUgNJfrbZv.exe	WerFault.exe

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

C:\Users\Admin\AppData\Local\Temp\sdcheck\EUgNJfrbZv.exe

Filesize
216KB

MD5
6ff8156ec6df07062b3a9f9594604a2b

SHA1
608adce74f2461d853aa5dc7590dec9daa948019

SHA256
1fddeef51fb61303fcd232c0d7bd9bb45cf9d7b6a4377d8ccb479ae562ae79be

SHA512
f40aae3ead07bcdcc7ddd0e4800026b0f9a6f50b6f1f1338ada10d63c05eb6ec0d33cfa507227c0ff46ba63193014d73e6eadc03edd31490ee982546ad64aada

Download Submit
\Users\Admin\AppData\Local\Temp\sdcheck\SeedsChecker (1).exe

Filesize
10.5MB

MD5
2ebfecade19e4b41e1968a8b5e49f163

SHA1
2e419a0dd67f1532ce71091f3623f992ce94c21c

SHA256
6851f7b4b2fc51091056aeca5616be222cf212196bef0af705ee73ff068d94e2

SHA512
0e105a0b503abb526817aa982d2b709b1cfdc044aa01fd93613a8cc3ed96b4c772474099bbd66be00af2873760adbecf940fe65228f5aa085443492bb509fa1f

Download Submit
memory/1300-0-0x000007FEF5313000-0x000007FEF5314000-memory.dmp

Filesize
4KB

Download
memory/1300-1-0x0000000000110000-0x0000000000BA2000-memory.dmp

Filesize
10.6MB

Download
memory/1300-4-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1300-20-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1760-9-0x0000000000C00000-0x0000000000C3A000-memory.dmp

Filesize
232KB

Download
memory/1760-10-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download
memory/1760-22-0x000007FEF5310000-0x000007FEF5CFC000-memory.dmp

Filesize
9.9MB

Download