Resubmissions
25-06-2024 14:19
240625-rm6bxsvdkb 621-06-2024 15:11
240621-sknjrsygjm 617-06-2024 17:09
240617-vn6wmawhlb 1014-06-2024 13:23
240614-qmxjcawdmm 10Analysis
-
max time kernel
60s -
max time network
17s -
platform
windows10-1703_x64 -
resource
win10-20240404-en -
resource tags
-
submitted
17-06-2024 17:09
General
-
Target
FileCenterSetup12.0.16.0.exe
-
Size
300.4MB
-
MD5
123556b83a3dad2f59e76602768e9536
-
SHA1
b402ded286fff73aaf9b32f075bc32029da6d461
-
SHA256
df2b7f274c484ae5baecb3365b1d9fcc4821facf327ce87724b1be597d0c70a9
-
SHA512
bc8dc366b404756a55ab40b66bbcccc8d8b366b0f34938c14324d994118602f0be876eaa61234c18eef7ae4e797789da8dd996f023f0f67c0e053e8022dd3506
-
SSDEEP
6291456:f7u0oceu41pUlsFqvFyeGCIOo7qgB5Fapf5NN9nAug:T9r4vXi5IOyJmfAx
Malware Config
Signatures
-
Executes dropped EXE 3 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious behavior: EnumeratesProcesses 4 IoCs
-
Suspicious use of WriteProcessMemory 9 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\FileCenterSetup12.0.16.0.exe"C:\Users\Admin\AppData\Local\Temp\FileCenterSetup12.0.16.0.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-8TQBQ.tmp\FileCenterSetup12.0.16.0.tmp"C:\Users\Admin\AppData\Local\Temp\is-8TQBQ.tmp\FileCenterSetup12.0.16.0.tmp" /SL5="$601A8,314098152,831488,C:\Users\Admin\AppData\Local\Temp\FileCenterSetup12.0.16.0.exe"2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtils.exe"C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtils.exe" -S -INFO "-1" "3" "11" "C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtilsInfo.ini"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtils.exe"C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtils.exe" -S -INFO "-1" "3" "11" "C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtilsInfo.ini"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\is-8TQBQ.tmp\FileCenterSetup12.0.16.0.tmpFilesize
3.0MB
MD50acf3c16e6faca9c0aec525f53d03866
SHA15c3960b48d2b72ad02e59470d8a7b690ee826f9e
SHA2562c470730bf3efa3f4a9dc184548abefbab8c4aecc43e14834c5810159019c151
SHA51217d98a3b52eb89e02a371f1d6effa59f624696cd14b0589fe436640ddbe04fc6c5d82834f73699dbaa32a7a69343f82863820e72e225e17d710c4de5102b46c2
-
C:\Users\Admin\AppData\Local\Temp\is-UOLP0.tmp\FileCenterUtils.exeFilesize
8.7MB
MD5e9638374a27160513f1a62827b6cf102
SHA1b9da58896020d46c4ef16f8f1b332d5f6c1e6f0f
SHA256c064ba394872e6a8277a5c71b50da34b800d682e403c6b80ec3ba37badf38942
SHA5129632c8416f542dc96f22a0ddcd109e85c29368b1263d86f74bab39aae8e9271a7b3e2eea18932cf4e3fb5e269d3892016b878d29fb6dad002db11367849f293c
-
memory/1224-6-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/1224-14-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/1224-24-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/1224-26-0x0000000000400000-0x000000000071A000-memory.dmpFilesize
3.1MB
-
memory/3612-22-0x0000000001120000-0x0000000001BB6000-memory.dmpFilesize
10.6MB
-
memory/4016-0-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4016-2-0x0000000000401000-0x00000000004B7000-memory.dmpFilesize
728KB
-
memory/4016-13-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4016-28-0x0000000000400000-0x00000000004D8000-memory.dmpFilesize
864KB
-
memory/4572-12-0x0000000001120000-0x0000000001BB6000-memory.dmpFilesize
10.6MB