Analysis
-
max time kernel
304s -
max time network
257s -
platform
windows10-1703_x64 -
resource
win10-20240611-en -
resource tags
arch:x64, arch:x86, image:win10-20240611-en, locale:en-us, os:windows10-1703-x64, system -
submitted
13-06-2024 18:12
Static task
static1
Behavioral task
behavioral1
Sample
Reveal Sound Spire 1.5.15 CE.exe
Resource
win10-20240611-en
General
-
Target
Reveal Sound Spire 1.5.15 CE.exe
-
Size
176.4MB
-
MD5
a205a67c585feb0cab6897a1518a7323
-
SHA1
c5f734ed72090ed13ed4c10071c41177b217d912
-
SHA256
27d519625974f1defc3de5b110e84aa5fde9504ff75b6caaa8e2ea1f0fdc3202
-
SHA512
8fda88575061002b6273fb645b91156ae3d519913bb9aa2365735397d5cbe5d138f02b4c1cbc544154d7138dbdc1338ec77a10e0225c1e5256b6010f54dadea3
-
SSDEEP
3145728:E9mENoWSER0ATrUKkDOx0KBrVLVPgl/s5x/Zghubth3cwRZ5stA8wWk3msV0JH:EgEN9SycjC1BTPMsx/Zg6/3cwZ56wp3i
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
Reveal Sound Spire 1.5.15 CE.tmp
pid | process
2324 | Reveal Sound Spire 1.5.15 CE.tmp -
Loads dropped DLL 1 IoCs
Processes:
Reveal Sound Spire 1.5.15 CE.tmp
pid | process
2324 | Reveal Sound Spire 1.5.15 CE.tmp -
Suspicious use of WriteProcessMemory 3 IoCs
Processes:
Reveal Sound Spire 1.5.15 CE.exe
description | pid | process | target process
PID 3632 wrote to memory of 2324 | 3632 | Reveal Sound Spire 1.5.15 CE.exe | Reveal Sound Spire 1.5.15 CE.tmp
PID 3632 wrote to memory of 2324 | 3632 | Reveal Sound Spire 1.5.15 CE.exe | Reveal Sound Spire 1.5.15 CE.tmp
PID 3632 wrote to memory of 2324 | 3632 | Reveal Sound Spire 1.5.15 CE.exe | Reveal Sound Spire 1.5.15 CE.tmp
Processes
-
C:\Users\Admin\AppData\Local\Temp\Reveal Sound Spire 1.5.15 CE.exe
"C:\Users\Admin\AppData\Local\Temp\Reveal Sound Spire 1.5.15 CE.exe"
- Suspicious use of WriteProcessMemory
PID:3632 -
C:\Users\Admin\AppData\Local\Temp\is-HE2DQ.tmp\Reveal Sound Spire 1.5.15 CE.tmp
"C:\Users\Admin\AppData\Local\Temp\is-HE2DQ.tmp\Reveal Sound Spire 1.5.15 CE.tmp" /SL5="$70158,181836760,881152,C:\Users\Admin\AppData\Local\Temp\Reveal Sound Spire 1.5.15 CE.exe"
- Executes dropped EXE
- Loads dropped DLL
PID:2324
Network
MITRE ATT&CK Matrix
Downloads