Analysis

  • max time kernel
    118s
  • max time network
    120s
  • platform
    windows7_x64
  • resource
    win7-20240705-en
  • resource tags

    arch:x64arch:x86image:win7-20240705-enlocale:en-usos:windows7-x64system
  • submitted
    27-08-2024 04:29

General

  • Target

    $TEMP/map/clickheat/documents/msisip.dll

  • Size

    15KB

  • MD5

    da23a12845607133acf1db3502d4e575

  • SHA1

    3808f3a44ffb3b2bdb7a5e57c650b0a96cd52b5f

  • SHA256

    cacbc2940693d704d489f90015d24a01ec509b426bd96febc1852131a53977b8

  • SHA512

    8b0d6a3598d4bb6b4dd061d6ad1c56c1dc8fcad5047e5c484c9b85a9698e52029cd0d873dbe8c74bcb53e6d61750fbb616f1c9e6f8ecebb82367d9e73a14ba1b

  • SSDEEP

    192:tF8MmFDXLSPZdLzAfbkKIcY7HvqAdsiLuvRzJhaSjocS0xY0Yrk26Ab8WQn:tqvFDXmPZN+/IcY7HyniCRa4IIYvGWQ

Score
8/10

Malware Config

Signatures

  • Manipulates Digital Signatures 1 TTPs 12 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Windows\system32\regsvr32.exe
    regsvr32 /s C:\Users\Admin\AppData\Local\Temp\$TEMP\map\clickheat\documents\msisip.dll
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\Windows\SysWOW64\regsvr32.exe
      /s C:\Users\Admin\AppData\Local\Temp\$TEMP\map\clickheat\documents\msisip.dll
      2⤵
      • Manipulates Digital Signatures
      • System Location Discovery: System Language Discovery
      PID:1840

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads