Analysis

  • max time kernel
    120s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags
    arch:x64 arch:x86 image:win7-20240221-en locale:en-us os:windows7-x64 system
  • submitted
    12/06/2024, 15:36

General

  • Target

    fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc.exe

  • Size

    570KB

  • MD5

    7fc12634a84e67658c646cd24851ea06

  • SHA1

    68f0922629d76864f7bcb52ae18065b258f59137

  • SHA256

    fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc

  • SHA512

    953f3928c42d4181e681ca6d91078fc82fb6e730dcdf18c2a24d811463a7ba6526f9e2110abac5594da15a45d39cadb01b42cf0ceb675051c24acb5d4577cf91

  • SSDEEP

    12288:u9vXAsOGBRT3JOodDJYXKgboqdX5pfYeotmdk0a6Zn919mMRrtE64NDkPlyN:u9osOG7T3JTDJYXKQrfY6ba6NoAri0UN

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc.exe
    "C:\Users\Admin\AppData\Local\Temp\fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc.exe"
    1⤵
    • Loads dropped DLL
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1718206616_1924_2696_489567313\ISL_Light_Client_4_4_2332_44_31116949.exe
      ISL_Light_Client_4_4_2332_44_31116949.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of SetWindowsHookEx
      PID:2792

Network

MITRE ATT&CK Enterprise v15


Downloads

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    70KB

    MD5

    49aebf8cbd62d92ac215b2923fb1b9f5

    SHA1

    1723be06719828dda65ad804298d0431f6aff976

    SHA256

    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

    SHA512

    bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    f6590a70a18e662c609142ad864c287a

    SHA1

    dc03adfc0ae2ef65d664b09ee8f2a9d67a49b142

    SHA256

    208a1f8449df35a41228830fae436c01d8e71e32bb10e3c470eedeb8678a8e5d

    SHA512

    bf9864c37102e9e40aa8b6e4c8d3667eab477f5db35cc2b98977bd338beac1e007f323913a3c3e185ff4af4e62237778a6445dd0881c8b3e4ab6c2df992760a1

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    342B

    MD5

    39e292b2d2c9d50e481d0b5611a55709

    SHA1

    73b3d9cebe6fca0794b5249c509cac34c9d7d8db

    SHA256

    45cedb0146cd37d4891494147adc5addc17f74cef7dc9997a94a97d872c2bf4a

    SHA512

    0cf3330d336a43f7cbbdf90454bd6306ccb2497541e93375fe3efe1946eb5ac88783e86f72b2ba1e94d8bab2e82823f4b792868b024bd21561b0486abcc2df5c

  • C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

    Filesize

    5KB

    MD5

    e0531c304e7eb4d37a242d1a9acae0a5

    SHA1

    a45fbae6700da348b73f09bdbe8d68ec5c132e97

    SHA256

    1d5218868ca093498b1c1c9fb5a70266e1ee0950fb37f711a0507c81792bdc77

    SHA512

    c3773af88e812945064b947ec7d671a4025c4fa8de6fd56abb56b83d7f87cdf9a608c5622383dc4be1f996a2f0762ccff66fcc3dab27223c64e2a4dd49a10596

  • C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\isl_network_start.log

    Filesize

    17KB

    MD5

    91c7c6160c184fb2bd6790be72ea6561

    SHA1

    778ec4bde5d4f92a0bb4d15140e447ed2f63052e

    SHA256

    fd42fcbd77e5c89b76a233e314b01ee5ee2f424bf71cae437d0b61e3dcb77f74

    SHA512

    1c10df11c145d6b67df6dfa804535c27f287aeac6b265ab43908ba9afdf69e8f7ebce7de0592246fca056940bae3ed3e8d784db904a808a72b9761406edcc2f0

  • C:\Users\Admin\AppData\Local\Temp\Cab33DE.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar34EF.tmp

    Filesize

    181KB

    MD5

    4ea6026cf93ec6338144661bf1202cd1

    SHA1

    a1dec9044f750ad887935a01430bf49322fbdcb7

    SHA256

    8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

    SHA512

    6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

  • \Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll

    Filesize

    3.1MB

    MD5

    24754b10246766dda98e82855e71c6ee

    SHA1

    893e291686669a5c82f4efa9da5f7bab1eae0ce6

    SHA256

    4b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb

    SHA512

    4cc1ab75d56d1e854f322ee8b0b4ee1d5a814ebf41ea3b318dc825581f8be6b2f359358cc89fbb38b03ea428e8fa5061ce504714ec8074948eb61503f7940a2d

  • \Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\ISLNetworkStart.dll

    Filesize

    1.2MB

    MD5

    915fa508b3d33db290f16730caa7cb92

    SHA1

    6de72f6e0a18673667e8cf8405995d09b61e4bf8

    SHA256

    002ca914b6d376000aab4eaf1cf19b7eddee6f17611bd5341617e51c0a167b8a

    SHA512

    eab9d6fe607dfa72cf4a7a490b3d7dd7930bb555aef981650aa5c11fd0978ab2188fc757b5b0ca4d730c3c4c971447c68ead554e727babf487707936ca2d3f75

  • \Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1718206616_1924_2696_489567313\ISL_Light_Client_4_4_2332_44_31116949.exe

    Filesize

    1.8MB

    MD5

    c81363a2eb4d9bbb26250794373aa4f9

    SHA1

    970741630ec7e90587384a5f286555f79a8d0255

    SHA256

    c19e9188918a308ac33e4504ff5853eef5d0c772d9fd79b7f2a1c02b2726a908

    SHA512

    18a24ef60daa9cb87289ea28f0f85cbf699c29dcff3dd87cdf4cc507f2bd63b0c39965ed7da5ec7d987524d3074709491932178564606527163c92350943a502

  • memory/2792-208-0x0000000000090000-0x0000000000091000-memory.dmp

    Filesize

    4KB
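The process tree and the Downloads list above are the parts of this report a responder hunts on, but the list mixes the tool's own dropped files (everything under `ISL Online Cache`, the drop directory of the ISL Light remote-support client) with side effects of CryptoAPI certificate-chain validation: the `CryptnetUrlCache` entries are crypt32's cache of CRL/AIA/CTL fetches, and a `Cab*.tmp`/`Tar*.tmp` pair in `%TEMP%` is typically left behind when CryptoAPI downloads and unpacks the root-store update. Hunting on those hashes finds every patched Windows box. The Python below is an added example, not the sandbox vendor's code: it parses this plain-text layout into a process tree (PID, parent PID, command line, signature hits) and an artifact list, classifies each dropped path with heuristics that are this example's own, and returns only the SHA256 values worth searching for. `REPORT` is a constructed excerpt of this page with the blank lines between fields collapsed. Whether a remote-support client on a host is an incident still depends on whether that client was authorized; the parser only tells you what to look for.

```python
"""Parse a Triage-style sandbox report (the plain-text layout of this page) into structured
IOCs: the process tree with PIDs and signatures, and dropped files with hashes, classified so
CryptoAPI cache artifacts are not hunted as if they were payloads. Added example, not the
sandbox vendor's code; REPORT is a constructed excerpt of the page (blank lines collapsed)
and the class labels are this example's own heuristics."""
import json
import re

REPORT = r"""
Processes
  • C:\Users\Admin\AppData\Local\Temp\fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc.exe
    "C:\Users\Admin\AppData\Local\Temp\fb192bcd133fa9c2c12106379439aafc7c707f2f374890cc74408949419550dc.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious use of WriteProcessMemory
    PID:1924
    • C:\Users\Admin\AppData\Local\ISL Online Cache\ISL Network Start\1\extract_1718206616_1924_2696_489567313\ISL_Light_Client_4_4_2332_44_31116949.exe
      ISL_Light_Client_4_4_2332_44_31116949.exe
      2⤵
      • Executes dropped EXE
      PID:2792
Downloads
  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
    Filesize
    70KB
    SHA256
    b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f
  • C:\Users\Admin\AppData\Local\Temp\Cab33DE.tmp
    SHA256
    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d
  • \Users\Admin\AppData\Local\ISL Online Cache\ISL Light Client\1\ISLLight.dll
    SHA256
    4b58e1b0d4eb121eda6754d8bdb018b4208b72175d9e2f1d627a575ff8cc50eb
  • memory/2792-208-0x0000000000090000-0x0000000000091000-memory.dmp
"""
FIELDS = {"Filesize", "MD5", "SHA1", "SHA256", "SHA512"}


def _section(text, name):
    out, inside = [], False
    for line in text.splitlines():
        if line and not line[0].isspace():   # report headings are the only unindented lines
            inside = line.strip() == name
        elif inside:
            out.append(line)
    return out


def classify(path):
    """Triage class for a dropped-file path (this example's own heuristics)."""
    p = path.lower()
    if p.startswith("memory/"):
        return "memory_dump"
    if "\\cryptneturlcache\\" in p:   # crypt32's URL retrieval cache (CRL/AIA/CTL fetches during chain validation)
        return "cryptoapi_cache"
    if re.search(r"\\temp\\(cab|tar)[0-9a-f]{4}\.tmp$", p):   # Cab*/Tar* pairs typically left by the root-store update
        return "cryptoapi_cache"
    if "\\isl online cache\\" in p:   # the tool's own drop directory: these hashes identify what actually ran
        return "dropped_payload"
    return "other"


def parse_processes(text):
    """Process tree entries: image, cmdline, depth, pid, parent_pid, signatures."""
    procs, want_cmd = [], False
    for line in _section(text, "Processes"):
        s = line.strip()
        depth = re.fullmatch(r"(\d+)⤵", s)   # the UI's tree-depth marker under each process
        if s.startswith("• ") and "\\" in s:   # a bullet holding a path starts a process entry
            procs.append({"image": s[2:], "cmdline": None, "depth": None, "pid": None, "signatures": []})
            want_cmd = True   # the command line is the line right after the image path
        elif want_cmd:
            procs[-1]["cmdline"], want_cmd = s, False
        elif depth:
            procs[-1]["depth"] = int(depth.group(1))
        elif s.startswith("• "):   # any other bullet is a signature hit
            procs[-1]["signatures"].append(s[2:])
        elif s.startswith("PID:"):
            procs[-1]["pid"] = int(s[4:])
    for i, p in enumerate(procs):   # parent = nearest earlier process one level shallower
        p["parent_pid"] = next((q["pid"] for q in reversed(procs[:i]) if q["depth"] == p["depth"] - 1), None)
    return procs


def parse_downloads(text):
    """Dropped files with their size/hash fields and a triage class."""
    items, field = [], None
    for line in _section(text, "Downloads"):
        s = line.strip()
        if s.startswith("• "):
            items.append({"path": s[2:], "class": classify(s[2:])})
        elif s in FIELDS:
            field = s.lower()   # the value sits on the next non-blank line
        elif field and s:
            items[-1][field], field = s, None
    return items


def payload_hashes(items):
    """SHA256 values worth hunting on: only the tool's own dropped files."""
    return sorted(i["sha256"] for i in items if i["class"] == "dropped_payload" and "sha256" in i)


if __name__ == "__main__":
    arts = parse_downloads(REPORT)
    print(json.dumps({"processes": parse_processes(REPORT), "artifacts": arts,
                      "hunt_sha256": payload_hashes(arts)}, indent=2))
```

Run it as a script to get the JSON, or feed the full report text to `parse_processes` and `parse_downloads`; the parent-PID resolution relies on the `N⤵` depth markers, so keep them when copying a report out of the UI.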