107f98a350f0932f5912cce2f30ee471ccc9242801f7fe864ce424e7ab283f6d

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 15:25

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Uninstall.exe
Size

1.3MB
MD5

2bdfa7e2c3ea2e9a177e68d3fe43d9f2
SHA1

8c3cb540b9f35badaa5bbce9b7880fb4c31d0be1
SHA256

e967f918595fa95f7c64332e126a02bc0cd52bfa95b8b0c23304625923ae6ce7
SHA512

f0f2778739a1443dbd8bc10127b69f48ba89c9316a5eaba1d2ef3f622b56b819712619dff62f37b9593fe4dd9cc6ac51f524bf2982dce0ec48f2c11295937fc5
SSDEEP

24576:mnhoO2MWVANx8eB6GPB9SzKQEu7bdH99n6g1NEvKKtv0:mhHx7SmS7v9nX1NEy08

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
1152	appdater-uninstall.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1152	appdater-uninstall.exe
1152	appdater-uninstall.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 560 wrote to memory of 1152	560	Uninstall.exe	86
PID 560 wrote to memory of 1152	560	Uninstall.exe	86
PID 560 wrote to memory of 1152	560	Uninstall.exe	86

C:\Users\Admin\AppData\Local\Temp\Uninstall.exe
"C:\Users\Admin\AppData\Local\Temp\Uninstall.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:560
- C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.exe
  "C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.exe" /run
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:1152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.exe

Filesize
1.3MB

MD5
2bdfa7e2c3ea2e9a177e68d3fe43d9f2

SHA1
8c3cb540b9f35badaa5bbce9b7880fb4c31d0be1

SHA256
e967f918595fa95f7c64332e126a02bc0cd52bfa95b8b0c23304625923ae6ce7

SHA512
f0f2778739a1443dbd8bc10127b69f48ba89c9316a5eaba1d2ef3f622b56b819712619dff62f37b9593fe4dd9cc6ac51f524bf2982dce0ec48f2c11295937fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
59B

MD5
12a464a669bf782ff7ebd7cb9efad05f

SHA1
dd9a9053e6f773967012fc2c49a2356efffa341e

SHA256
3e6d0c48ee166987fac78912c6d877b81374ad91039043e5b788ede178274d36

SHA512
c27963d2c3e927bfec6558984926d9621c822cb23763bf0c057b4cc3f1504164575866a0d4fe20294d8717619e7deb9efbe2a4650c980173a6397d66c75f991f

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
168B

MD5
088613a4e07844f972a1e6f0f5fe6074

SHA1
a384b4133e307d584a04025a98b838202679318f

SHA256
5480dcbf320f6bfec4b628164de3f51aceaf5af4a5f612777f20320afe1e2aea

SHA512
39656ea28157b7efa4df707b3c5e759bd815d791e60d9cef5621d3861c1671314deb62adede99059256c8ec28ee5a7b1e79a4d6d5e2bba21ea9e244d31e2201c

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
494B

MD5
bc8364daf31204020035a6faa88297b3

SHA1
4386aae7f88c310c7096d95f142f8b4fd096057f

SHA256
d8c8d1f356715396db5cffa1037782c9dcfb9dd9c34cb9f50f6e8c1260f55810

SHA512
cb97fd603d05c83cbde4979988bf8a243e19d9601322141d9ee7ee691feb31110435a48b7b6f16ae2e5e9eec26d19b5b05108ceef10327dc40cfa67a5d3f6b40

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
316B

MD5
98095a9113ae11ba45b90f432080e679

SHA1
846e0e053481501f61b54d81fece5f9c013e129d

SHA256
d4606de26c5ab6df2d5ce21b215d4429cd39f769116c01370897a39effb10c13

SHA512
396a48dec02a86a2171a353600a472ed213379c152dbd09e9ea12662ef6fc5ec09a7708e099fc6d8fda6f5538fc9af89d190910b088c3e19e18e56822c4bd012

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
523B

MD5
3049d8dd5d13df9f278cef1ba083a8e6

SHA1
0d88e5ec1f4de6f034858c08ff937c8d9e07007d

SHA256
8d3be33fa03d5ed3d4986181af075604b1a1fb350b4d86ad1b31188fd6998c8a

SHA512
9715c2b139ab4998c405a0ca3b45caef65eda830e639115c52a2cbcdd7425a3111e308d1718f51e6f1576b7f8d7e2988470609282afdda32a5faf5e9f627098b

Download Submit
C:\Users\Admin\AppData\Local\Temp\appdater-uninstall.log

Filesize
1021B

MD5
358fe64fc7986b67f88aa9233b8b564a

SHA1
a5d58ec7d13f7b3725d4a4ce85486a19bd185ed6

SHA256
19dc8ecfef72f79c272b191266008b0393d5fab82b033a060da17771c0b568dc

SHA512
89952007153eb65fd7a313767bbf33462db63736ff1a7c688c104767d10bd11753826b606f6b62941ff6b5fca75bdcf47fa71337e3e37d36dc2bceb00ba376a2

Download Submit
memory/560-51-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/560-0-0x0000000000830000-0x0000000000831000-memory.dmp

Filesize
4KB

Download
memory/560-30-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/560-1-0x0000000000414000-0x0000000000415000-memory.dmp

Filesize
4KB

Download
memory/560-2-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/560-3-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/560-40-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-11-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-41-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-35-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-10-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-12-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-13-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download
memory/1152-63-0x0000000000400000-0x0000000000558000-memory.dmp

Filesize
1.3MB

Download