5ef0d3b3181153df9f37375799b36d746c416bbd07322ccfb3f9a240cdf9f793

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/06/2024, 07:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SystemMechanic.exe
Size

16.4MB
MD5

466a55da5b0187754af3b16768572a4a
SHA1

be0b078476c46c6d393ffb7d20efaadb4da52d65
SHA256

11293fbf7f4747233b1a0470617d3d6da98a0ede3ead09c23c702954b4b7bc12
SHA512

02aa55059cfec52ebf33855b09861232de774ba6232218b6680b987f7b87841f51394d4392b9f4c5f33528202cfcfc065355a6b71b8afe0ec49a40d4b095dcfa
SSDEEP

393216:/IZctXbNzfAF923Q4uL1CPJhAjIDkIODK7gHpjdBoCwOgH7X:AZct5e9pVCPXAjID5ODKUHpjdBFgj

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
3268	SystemMechanic.tmp

Loads dropped DLL 6 IoCs

pid	Process
3268	SystemMechanic.tmp
3268	SystemMechanic.tmp
3268	SystemMechanic.tmp
3268	SystemMechanic.tmp
3268	SystemMechanic.tmp
3268	SystemMechanic.tmp

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3268	540	SystemMechanic.exe	88
PID 540 wrote to memory of 3268	540	SystemMechanic.exe	88
PID 540 wrote to memory of 3268	540	SystemMechanic.exe	88

C:\Users\Admin\AppData\Local\Temp\SystemMechanic.exe
"C:\Users\Admin\AppData\Local\Temp\SystemMechanic.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Users\Admin\AppData\Local\Temp\is-S06OV.tmp\SystemMechanic.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-S06OV.tmp\SystemMechanic.tmp" /SL5="$80060,16889386,53248,C:\Users\Admin\AppData\Local\Temp\SystemMechanic.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4376,i,6576818814118437872,11004518367271063231,262144 --variations-seed-version --mojo-platform-channel-handle=1036 /prefetch:8
1⤵
PID:372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\is-6R2RN.tmp\installhelper.dll

Filesize
550KB

MD5
580ade4fc11e266fe628435af1b4c3ed

SHA1
f5c1219697a4605d1f097671482681c367cd7a83

SHA256
31f71d0610e2a7602a7befacbfa6090d678e7c4f6c3e6b0b5b82a4e42fbd27cf

SHA512
9ae63de1b65d30f61402be38a0aab3e9856db127df70947686ebe67ea5736f03f6a4308aac36bdbc99ff5f6fc970f58d131098342662e8fbac3387285f634738

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6R2RN.tmp\ioloInstallerUpdate.dll

Filesize
388KB

MD5
0a26a18305c6bb930733d44675004147

SHA1
f13f44aa893a1d1698e27c9f198ec9024edb006c

SHA256
04bb94b392496975c64277895fbfd2c81911a073b20c9f03055e300efdf84b27

SHA512
b5ee33eb31ae21f2fba326c22c0835fa5d6302438890b36978b2c3cfc652d8fc88ffe3882b7bae0356fe65b4249015e481f35b13740b1d9fb0fc39abe6653fbb

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6R2RN.tmp\iwbr.dll

Filesize
327KB

MD5
9eeaa0a8b5d1eb534dbf5a37f34a455d

SHA1
add9409febfb5a716f548d67e95d24de2bd7c092

SHA256
c5eaccd135f02ede357596c9ff9b0093ca1d134c0c41e0a75bd13e4e3db89e5a

SHA512
9b34677de3a48900f550eaa9a40d6afc7dc0689bb3b0b31e5797c9ae8da70728bcff31123b65e32fa7578ec25ab47549f6699c20c7c6d0dbcfe7f535870f3722

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-S06OV.tmp\SystemMechanic.tmp

Filesize
665KB

MD5
9e30ab5e3f6b43f69f928e6b4fcfd604

SHA1
b110f04114c52f2439715cbad3769250dbcdb1b3

SHA256
affbe7f0320f9602d8c51468ecb7bc7960df4f62ab1a36c05ac2fe2816d175ba

SHA512
8d751d8c8023bbd54ea2ea0969ad9f379d8bf1066980fdd58007e778bdf654e4e13264ac8917be91ac8583ea9ae5536ca600530f413cbd887c234ec60be5a45d

Download Submit
memory/540-33-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/540-2-0x0000000000401000-0x000000000040B000-memory.dmp

Filesize
40KB

Download
memory/540-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3268-8-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/3268-34-0x0000000000400000-0x00000000004B5000-memory.dmp

Filesize
724KB

Download
memory/3268-37-0x00000000041E0000-0x00000000042E0000-memory.dmp

Filesize
1024KB

Download
memory/3268-36-0x0000000004010000-0x00000000040E0000-memory.dmp

Filesize
832KB

Download
memory/3268-35-0x0000000003A70000-0x0000000003C05000-memory.dmp

Filesize
1.6MB

Download
memory/3268-45-0x0000000003A70000-0x0000000003C05000-memory.dmp

Filesize
1.6MB

Download