ab1957246903eef584cadfd067e4cbf9e47e80712a6a2742a0211a6db6b39c4c

Analysis

max time kernel
15s
max time network
17s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
05-09-2024 12:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DedSec Apk Crypter.exe
Size

27.6MB
MD5

0b865ac71d4bcd3ef788696af19413de
SHA1

20df7323f96966c3c82229845824cc12963dc5f5
SHA256

ab1957246903eef584cadfd067e4cbf9e47e80712a6a2742a0211a6db6b39c4c
SHA512

58004f4467ec218de2f72bc74c2c0cc30875fd6162091f5d91e463345401d7a38fd769b63278ec86f1589167ab391a6da8548af34a9f5aaaeb680f91bb0906d1
SSDEEP

786432:LIY7h/LJXfDSTqekNPUV4xzmhVrfCZ676rRtwpl20rK7j:LIY7h/LkT8U4xybzCZG6rkL23v

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2372	CASS.exe
1480	DedSec Apk Crypter.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 2372	3668	DedSec Apk Crypter.exe	74
PID 3668 wrote to memory of 2372	3668	DedSec Apk Crypter.exe	74
PID 3668 wrote to memory of 1480	3668	DedSec Apk Crypter.exe	75
PID 3668 wrote to memory of 1480	3668	DedSec Apk Crypter.exe	75

C:\Users\Admin\AppData\Local\Temp\DedSec Apk Crypter.exe
"C:\Users\Admin\AppData\Local\Temp\DedSec Apk Crypter.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Users\Admin\AppData\Roaming\CASS.exe
  "C:\Users\Admin\AppData\Roaming\CASS.exe"
  2⤵
  - Executes dropped EXE
  PID:2372
- C:\Users\Admin\AppData\Roaming\DedSec Apk Crypter.exe
  "C:\Users\Admin\AppData\Roaming\DedSec Apk Crypter.exe"
  2⤵
  - Executes dropped EXE
  PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\DedSec Apk Crypter.exe.log

Filesize
654B

MD5
16c5fce5f7230eea11598ec11ed42862

SHA1
75392d4824706090f5e8907eee1059349c927600

SHA256
87ba77c13905298acbac72be90949c4fe0755b6eff9777615aa37f252515f151

SHA512
153edd6da59beea6cc411ed7383c32916425d6ebb65f04c65aab7c1d6b25443d143aa8449aa92149de0ad8a975f6ecaa60f9f7574536eec6b38fe5fd3a6c6adc

Download Submit
C:\Users\Admin\AppData\Roaming\CASS.exe

Filesize
14KB

MD5
f8cea12d06085e85c14c85672fa41bbf

SHA1
b48b5f0e8dd3e1526e117003b98992a226f16d59

SHA256
f2d412c428b44196f257c10980977ce9cf88498d47563c10e8b191e367f1322e

SHA512
dda52066023befeb4c3e9fe706550a149fa196d709fa8cfc767fbf45ee04ba302c30acd49db7f5eb7f806b2df25d6fae671f09a4437d4a2a6121584ca01d894e

Download Submit
C:\Users\Admin\AppData\Roaming\DedSec Apk Crypter.exe

Filesize
27.3MB

MD5
54f7a35b9f84ae7c058f804b9a311af9

SHA1
2b0433ce137acc95c3fcc9e944dcd956bcbc9db2

SHA256
1abd7afe8b133c613f66618b7ae3ba7966d9b22fb147f15f25a84b0ed6a2558b

SHA512
7d31719c3b77494993d8a7937757f4c69d082ccfd18d10d9a122f556a18c159a15f12abfd35efb0ad04516941cf185db9d236ca1ae3109b0cb050be83694458d

Download Submit
memory/1480-18-0x0000017B00410000-0x0000017B01F66000-memory.dmp

Filesize
27.3MB

Download
memory/1480-17-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/1480-19-0x0000017B1C770000-0x0000017B1E29C000-memory.dmp

Filesize
27.2MB

Download
memory/1480-20-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/1480-22-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-8-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-9-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/2372-7-0x000002005F490000-0x000002005F498000-memory.dmp

Filesize
32KB

Download
memory/2372-21-0x00007FFC94BD0000-0x00007FFC955BC000-memory.dmp

Filesize
9.9MB

Download
memory/3668-1-0x00000000008B0000-0x0000000002450000-memory.dmp

Filesize
27.6MB

Download
memory/3668-0-0x00007FFC94BD3000-0x00007FFC94BD4000-memory.dmp

Filesize
4KB

Download