Analysis

  • max time kernel
    117s
  • max time network
    124s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    03-06-2024 12:00

General

  • Target

    8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe

  • Size

    370KB

  • MD5

    c2c6ca7a9dea1fc9708b57d3ae1d9bc7

  • SHA1

    8cf4f02d6d97813310c7778bac555d00f4eab8b4

  • SHA256

    b53a20869d2145b135c61cb1fbe5b027f47e2cff1f3dbcf2aa4284ad982b581b

  • SHA512

    5aa6455f821c5651e8038ad98922c11ed3a2bb476e10ca7680acbeb7a750f3f3d7628cf888d1159dd31ffaca5fde46a951068f1cdf56afa0c0437e0ec0debf75

  • SSDEEP

    6144:rsCwu+mWhJifvtNP/7YXSLB80PcfnMhR3peeYmC6Inht5t:AxmIJQvPkitaIR3pmEInht3

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe
    "C:\Users\Admin\AppData\Local\Temp\8cf4f02d6d97813310c7778bac555d00f4eab8b4.exe"
    1⤵
    • Loads dropped DLL
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2772
    • C:\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe
      "C:\Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe"
      2⤵
      • Executes dropped EXE
      PID:2548

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\GPS-1688\config.xml

    Filesize

    246B

    MD5

    6583e082bc147c12331ae49dce7e1268

    SHA1

    8be14590b5f23fd73373b3bfed1d21cf88fe4e5d

    SHA256

    6c00c4063f1b87c046bd34c05030cd790debabbccda11aa21d8dfd30ada520a6

    SHA512

    67e63b9a46842392127d006e578cb16f8238ec9f6952e74752a46b61004c4932cd50a357a280328cb7630d706b257c8b63aa8060db44b544cdda846dcc5bfb49

  • \Users\Admin\AppData\Local\Temp\GPS-1688\GPS_ServicePack.exe

    Filesize

    241KB

    MD5

    09bfec3c1327db1dc47d29ba857277e2

    SHA1

    af946352e3f5e48f9c4b4dcd059ff45bb75df881

    SHA256

    847c58bd3df8277d2a00541dc014c3b026961f5f3a247dcf7e2bc28b2c32ddcb

    SHA512

    ec4ce365b4d6e13385f60d83cff95d0c543acbf269b08696c50f17fe17b4451a1e97374867f80d76373274fafeb3756dc3aad66bdd2f32b15a9b7fa1adc0d0d0