Analysis
-
max time kernel
2s -
max time network
119s -
platform
windows7_x64 -
resource
win7-20240611-en -
resource tags
arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system -
submitted
30-06-2024 23:24
Static task
static1
Behavioral task
behavioral1
Sample
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe
Resource
win7-20240611-en
Behavioral task
behavioral2
Sample
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe
Resource
win10v2004-20240611-en
General
-
Target
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe
-
Size
37KB
-
MD5
be18e6809bc428a07024448cbbad0040
-
SHA1
f40ef33d6624021f3a32fd3eedead1dc4d0db823
-
SHA256
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638
-
SHA512
ba55d8f045dd9867e6b6a88b38b8ee42503453cb29c89b1d3abeee42b2d9b297b507e1e7896d06e4d2f4f1e24f430bc60c84bcc0853a32460888c8ede3ef7961
-
SSDEEP
384:uBT+/jvJ7+gFrJk04OMcYyJXFpOQGR9zos2clAKLHRN74u56/R9zZwu9z9:WOZ+gr36qlXOQ69zbjlAAX5e9zP
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
Processes:
comupdater.exepid process 2196 comupdater.exe -
Loads dropped DLL 1 IoCs
Processes:
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exepid process 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe -
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Suspicious use of WriteProcessMemory 7 IoCs
Processes:
7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exedescription pid process target process PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe PID 2024 wrote to memory of 2196 2024 7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe comupdater.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe"C:\Users\Admin\AppData\Local\Temp\7dd2dd7b7ff209d2d19d45ee5f945e66d9daf387f141a210c611788b925b1638.exe"1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\comupdater.exe"C:\Users\Admin\AppData\Local\Temp\comupdater.exe"2⤵
- Executes dropped EXE
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
\Users\Admin\AppData\Local\Temp\comupdater.exeFilesize
37KB
MD584734e76e52a6b0acf104110a208d17b
SHA1574008f23e260af051fd4e9f8beb00f59a9ba391
SHA256e4b77270fd84551ea316e44509c4bd066fb23624d4f23e46e39c7696f3639f90
SHA51273206e77153003ffbb545b93ab083510851a4cb0029792c1e791b090a2299be51e5a1d7337ec4ca5a53a78c87b47034a4789f12a1b6acba7e4b292d1550122b4
-
memory/2024-1-0x0000000000401000-0x0000000000402000-memory.dmpFilesize
4KB
-
memory/2196-8-0x0000000000400000-0x0000000000407000-memory.dmpFilesize
28KB