Analysis
- max time kernel: 12s
- max time network: 17s
- platform: windows7_x64
- resource: win7-20240220-en
- resource tags: arch:x64, arch:x86, image:win7-20240220-en, locale:en-us, os:windows7-x64, system
- submitted: 20/06/2024, 10:21
Static task
- static1

Behavioral task
- behavioral1
  Sample: Sapphire Plug-ins 2021.02 for OFX/Tabletka.exe
  Resource: win7-20240220-en
- behavioral2
  Sample: Sapphire Plug-ins 2021.02 for OFX/Tabletka.exe
  Resource: win10v2004-20240508-en
- behavioral3
  Sample: Sapphire Plug-ins 2021.02 for OFX/sapphire-ofx-install-2021.02.exe
  Resource: win7-20240221-en
- behavioral4
  Sample: Sapphire Plug-ins 2021.02 for OFX/sapphire-ofx-install-2021.02.exe
  Resource: win10v2004-20240611-en
General
- Target: Sapphire Plug-ins 2021.02 for OFX/Tabletka.exe
- Size: 12.3MB
- MD5: c1032c094655ed448c0c4cc6b3050771
- SHA1: af739fc5dd19aec52aca9d20df69df342c24b84c
- SHA256: 029a263a32e4ce13f40e177a643ae804f8dad14dbb7fef25e837ba28da1adb65
- SHA512: b62469868ffc568f22404b30f23966773458d155179e6d0f11756cc42be9504dd5eea59e4a17f8671fac88101d4af33a76b979631c3f7ba1d3cc3ecf40ff43c1
- SSDEEP: 196608:G1ZkxtwuykKfb3y6viwQy5k8xDeFSDtkdGZjB2Ukx19EaK8LBH257Jpsm/2+4FU:Yi9K+v3gziFuNB2pw8NHO9uq9KU
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  pid   Process
  2952  Tabletka.tmp
- Loads dropped DLL (3 IoCs)
  pid   Process
  2728  Tabletka.exe
  2952  Tabletka.tmp
  2952  Tabletka.tmp
- Suspicious use of WriteProcessMemory (7 IoCs)
  description                          pid   Process       procid_target
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
  PID 2728 wrote to memory of 2952     2728  Tabletka.exe  28
Processes
- Level 1: C:\Users\Admin\AppData\Local\Temp\Sapphire Plug-ins 2021.02 for OFX\Tabletka.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Sapphire Plug-ins 2021.02 for OFX\Tabletka.exe"
  PID: 2728
  Signatures: Loads dropped DLL; Suspicious use of WriteProcessMemory
- Level 2: C:\Users\Admin\AppData\Local\Temp\is-V0UVO.tmp\Tabletka.tmp
  Command line: "C:\Users\Admin\AppData\Local\Temp\is-V0UVO.tmp\Tabletka.tmp" /SL5="$400F4,11745922,91648,C:\Users\Admin\AppData\Local\Temp\Sapphire Plug-ins 2021.02 for OFX\Tabletka.exe"
  PID: 2952
  Signatures: Executes dropped EXE; Loads dropped DLL
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 22KB
  MD5: 92dc6ef532fbb4a5c3201469a5b5eb63
  SHA1: 3e89ff837147c16b4e41c30d6c796374e0b8e62c
  SHA256: 9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87
  SHA512: 9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3
- Filesize: 937KB
  MD5: 0c6e4ed2a8e70c3c86183aa036504e1f
  SHA1: 39d16d120368bda3fe04b9acb2c0cdced0279c30
  SHA256: 95cf720129ee8f873d8b16d48dc94915f353073212c84fa6c3f38493c76d795c
  SHA512: 08c4e24f58f11e5c2b37ac35122663932cb8d73a9f4e0457ffa9710de6f7be0f12b4c18917e2acea437ecfe5424882945ed297c27e17efec45cb0a95239feece