05294a695ffb84bc42b766951d26c841b22b2d7f59bd3ca0576a470cb7a1624e

Analysis

max time kernel
119s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 05:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

750c9c8af72aebe8d8681cc535e11190N.exe
Size

404KB
MD5

750c9c8af72aebe8d8681cc535e11190
SHA1

d770bd457d013512f3a1d260cd368752f30ae0b8
SHA256

05294a695ffb84bc42b766951d26c841b22b2d7f59bd3ca0576a470cb7a1624e
SHA512

036d9b191649c2bf20550ad4b79772e03d872fc8fa6f135677f6121e0e08f148be121ac2d474626b582553e1aace0c2aa27ef7500e6c2f3a7414e870bc79c4b2
SSDEEP

6144:4jlYKRF/LReWAsUy0oZnfk11bHC1kASFY1QK03QciqvLc:4jauDReWuf1HCrSFyciqDc

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2336	rupiqq.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-464762018-485119342-1613148473-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft® Windows® Operating System = "C:\\ProgramData\\rupiqq.exe"	rupiqq.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2536 wrote to memory of 2336	2536	750c9c8af72aebe8d8681cc535e11190N.exe	85
PID 2536 wrote to memory of 2336	2536	750c9c8af72aebe8d8681cc535e11190N.exe	85
PID 2536 wrote to memory of 2336	2536	750c9c8af72aebe8d8681cc535e11190N.exe	85

C:\Users\Admin\AppData\Local\Temp\750c9c8af72aebe8d8681cc535e11190N.exe
"C:\Users\Admin\AppData\Local\Temp\750c9c8af72aebe8d8681cc535e11190N.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2536
- C:\ProgramData\rupiqq.exe
  "C:\ProgramData\rupiqq.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Documents and Settings .exe

Filesize
404KB

MD5
c0d75ab025275e9c75edb70f469fe8a7

SHA1
0a0c2082db5fb9749706cbde9f2ea9ab9a1e24c8

SHA256
c7d76e0c001d16e3e20c953cc42a5f3941b55fc10180af7541488c8448468e3f

SHA512
e51c2a5d0a014ed6c26c4022a3c0afffa839b7b8ced562c5f6338ce7154db6067724c0304e0953e5b8a68d6921b7054f37cad1a86796fa56e297eb1e6707a6c2

Download Submit
C:\ProgramData\Saaaalamm\Mira.h

Filesize
136KB

MD5
cb4c442a26bb46671c638c794bf535af

SHA1
8a742d0b372f2ddd2d1fdf688c3c4ac7f9272abf

SHA256
f8d2c17bdf34ccfb58070ac8b131a8d95055340101a329f9a7212ac5240d0c25

SHA512
074a31e8da403c0a718f93cbca50574d8b658921193db0e6e20eacd232379286f14a3698cd443dc740d324ad19d74934ae001a7ad64b88897d8afefbc9a3d4e3

Download Submit
C:\ProgramData\rupiqq.exe

Filesize
267KB

MD5
a982c93a1eb34182831b3d46473747d5

SHA1
f310797e2aad7698cd06a202c796d22ad569619a

SHA256
a91eaa6b50691bc38c989edccd60809e22bc95de28ee61cb168e46d7e5a6b3df

SHA512
7d69a2053b6838a2d25c896b6c063288718cb66d6d9f2e9fc8e6e5d39dbc7fc4fd882aa8b11ee16a58f7925e2499d9707ab7f46e46028b9065214f25eacbb86d

Download Submit
memory/2336-130-0x0000000000400000-0x0000000000448000-memory.dmp

Filesize
288KB

Download
memory/2536-0-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2536-1-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download
memory/2536-8-0x0000000000400000-0x0000000000474000-memory.dmp

Filesize
464KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads