4a8a70d55a86a4950958f4449542f81ef2ce761bbc3dd86d012c4baf922f5538

Analysis

max time kernel
140s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4983a06051b0774eb951e1e9a51e1b5.exe
Size

13.9MB
MD5

d4983a06051b0774eb951e1e9a51e1b5
SHA1

9d748d068442f2b5aae091cd7c0dd8eeaa68de21
SHA256

4a8a70d55a86a4950958f4449542f81ef2ce761bbc3dd86d012c4baf922f5538
SHA512

27afa431e0d45c318e0c27ded798ac02709dbf386a1c2d85c1c67be19340bab8c46d8123f9763657a85d22091bd9629939a28254c618dc9e8a721a5dc942699b
SSDEEP

393216:3BmT6Bp1pMTwbWR2HPNQymjOZ7hzrSmza:IS+eWR2HFQymjOZ5vm

Score

7^/10

discovery

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

ISBEW64.exe

pid process

2164 ISBEW64.exe

pid	process
2164	ISBEW64.exe

Loads dropped DLL 6 IoCs

Processes:

d4983a06051b0774eb951e1e9a51e1b5.exe

pid	process
3016	d4983a06051b0774eb951e1e9a51e1b5.exe
3016	d4983a06051b0774eb951e1e9a51e1b5.exe
3016	d4983a06051b0774eb951e1e9a51e1b5.exe
3016	d4983a06051b0774eb951e1e9a51e1b5.exe
3016	d4983a06051b0774eb951e1e9a51e1b5.exe
3016	d4983a06051b0774eb951e1e9a51e1b5.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

d4983a06051b0774eb951e1e9a51e1b5.exe

pid process

3016 d4983a06051b0774eb951e1e9a51e1b5.exe

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

d4983a06051b0774eb951e1e9a51e1b5.exe

description	pid	process	target process
PID 3016 wrote to memory of 2164	3016	d4983a06051b0774eb951e1e9a51e1b5.exe	ISBEW64.exe
PID 3016 wrote to memory of 2164	3016	d4983a06051b0774eb951e1e9a51e1b5.exe	ISBEW64.exe
PID 3016 wrote to memory of 2164	3016	d4983a06051b0774eb951e1e9a51e1b5.exe	ISBEW64.exe
PID 3016 wrote to memory of 2164	3016	d4983a06051b0774eb951e1e9a51e1b5.exe	ISBEW64.exe

C:\Users\Admin\AppData\Local\Temp\d4983a06051b0774eb951e1e9a51e1b5.exe
"C:\Users\Admin\AppData\Local\Temp\d4983a06051b0774eb951e1e9a51e1b5.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\ISBEW64.exe
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\ISBEW64.exe {EFB7539B-24F3-46B6-AF6E-3B021B51EFEF}:{43DBE4DE-16B6-4394-B639-1138F6382DA1}
2⤵
- Executes dropped EXE
PID:2164

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\{1134BAD3-9A67-4737-91D7-2F1F74FDE2FC}\Disk1\_Setup.dll
Filesize
153KB

MD5
7d0a617a8820e4615d3af7012938214c

SHA1
625dc413c271403512e77cbc15eac534a78b5522

SHA256
f8ccb1f1bf5c6d066056c67644b43b561f994a909f2d0d4c53071016f2dccd1e

SHA512
67c3e2c71c07022575e92ad0038e95dd1899311f680fe7dd7296a2dddb2e4235a8b5962e4b00679992917e3a93fa719337f8f5ec317d1fe493d992e4f27b2869

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1134BAD3-9A67-4737-91D7-2F1F74FDE2FC}\Disk1\data1.hdr
Filesize
19KB

MD5
178f49a70258367ff34abbbf44bdc1ca

SHA1
a83ef0b27eae5ce58e2cfac60c164a102a838eb4

SHA256
951a806508713010ffc74ebff51cafc29d6aba2d914ba7b40f323ea28b7dee9d

SHA512
a9d119d4b82ff0b46a3f2d232f3d40bc093ddd62eb5ab9d68baa770370102ca83712066083f9e3f82d6db05f387a3bf536375c2182954282b4339b81b9cf748e

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1134BAD3-9A67-4737-91D7-2F1F74FDE2FC}\Disk1\setup.exe
Filesize
384KB

MD5
8d699c26857440661fad1aed839ffc79

SHA1
7c38f49f874da346a4a3e4f3850d7cc287d83576

SHA256
350e4cfc8a692fc8382571d64ef00f6f4d4f997b85bb687e67ea222cdb2556ac

SHA512
4053a6cefe15cd29dfc4ece4d5521e1473dfc8af6275dfb7cca8863722b3807fc3ee7cdba33f0ba6ef417b3530b2cabe8d74e6235dab0554f00201305b465b9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\{1134BAD3-9A67-4737-91D7-2F1F74FDE2FC}\setup.ini
Filesize
521B

MD5
12356dea017849ba88c3eb730f95c367

SHA1
afdc737adcab61d274b6f9e5da1ad8ffdc997c23

SHA256
58d82695088e2f94e6186034364fd8469fc9a01eb6e6a63d32d6e2e3dd457662

SHA512
1d8e4fad830be971f2a8c47fd083b172fea30233c6f2c706ce34297bc9cefbf3d512151c7a16a7cdde269fb3fdc527dccc8ba6b457488672f9d3844b3cef5ad4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\ISBEW64.exe
Filesize
114KB

MD5
2a276ba2b7782476302c59d0f760f4bc

SHA1
43bbb884a7b65534c417ae5a3f3f17f7e80e2f7d

SHA256
d3294cc8c750c4bd63016e87e9d2c53a501c173567f4edb9a3c6f1bd9836064a

SHA512
6bed8d3291ed422aed187637838bfb957ea59c772be3bc52c12242474712f411e174afe55ed6955b910a8ce3635f1552260063cf6db428a4e34bc76a4e3e01f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\DIFxData.ini
Filesize
86B

MD5
10baa5b67536f4433f37534b9c8bb828

SHA1
82e5c34b1279afda223b639b49078d03c52875f5

SHA256
1b9fd5c1f18357bd459be20bfcbf47ee18fa0c5d5cc42f6aed2705d5868b65f4

SHA512
49c6798ebb3b6137cafb78b88350d02094367523dcf8f9e580de1941e514b8b3df786d1d817090e5dab80ac4d0d015796b2ce28b296db31d111e0d0bbaeebb37

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\FontData.ini
Filesize
39B

MD5
00f313e3e007599349a0c4d81c7807c4

SHA1
f0171f15aab836a1979d3833e46b5e59e4ea32e0

SHA256
766ee687d90b0217eb41cb85aca04375bdc24db986a33536631f864b7ce1a08a

SHA512
8bb25a62c0b1640dec36403a493ed54c05f7cde7b7357c8faea785a79c4b76bbe6a3d6fe78db52b558a37abac90c2b2e8b13868a76294554d51670e9fa8764ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\VASData.ini
Filesize
30B

MD5
b16ff78e4420d4049da82fffe3026d31

SHA1
612be1fde59d3d4534a4d8e0947b65060ed6146b

SHA256
029f695d7a558a0070bdb42c07d35c7ae436fbd0688079b7ada58093505d9579

SHA512
8042f5a1f12ef644b7def42c52c90a252ff4a6c099956530cff8147daf2edd8934f5bc79bb560f550d47755fead71a1d0fbe7d52fdc0fb30a0ad64471beaaf7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\_IsRes.dll
Filesize
545KB

MD5
936570437cdd944172b100e677603523

SHA1
97e56b29733846d4ffef7791830f3e9ae355783a

SHA256
682e00f308be80c69172b0e7d76f2ed555b7838be7b7f61774687aa1cdf1ce8b

SHA512
d357c39570079e2ce64c0affb0c33b46033c41244df9812e69b7bff7cc75287ea103bbe27dc7ae775b41d4a2dc0fe1088ad04369b6b435dbdb5ef70145ab9df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\isrt.dll
Filesize
217KB

MD5
0f68d760fb480a1b039ca7d6b877d24c

SHA1
259d101a49646c3abe17114111ff9aa7df1b8fc2

SHA256
5974ce20a780d384383cfc24af4dc62bc22ca67ce1d76ea9981c42631480ab63

SHA512
d551553ceca5b9ba86f7422893df78ce71167096cbeae65319c344abf57601e8e6c8f9779a9a45ed28ce32c3e1c477b843d8ad4437e0643c0fabf56ab7f586d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\{22DC289E-AA6E-4F23-B63E-3004A5BA00E7}\{12F382E1-63D4-4B94-BD32-5F845E74FC79}\setup.inx
Filesize
227KB

MD5
4d8854a0a5be89a89c9fa572950c0f35

SHA1
5f4a5195a7e83cb60f441a3f2522fe2b4f3efc54

SHA256
30379f60779330bfe466c705c6b9cd964f8502f43c4534ba8b10812e1406dffd

SHA512
4f68bfc8f169696564187958b9a2f4a30229aadb94e9d2a0b27e4ca3ec08c7d2b7efac505e3d74a14579a67764893a7e069b6e12af2777490fcc07131ae0277f

Download Submit
\Users\Admin\AppData\Local\Temp\{1134BAD3-9A67-4737-91D7-2F1F74FDE2FC}\Disk1\ISSetup.dll
Filesize
542KB

MD5
2dd1c4a68e2a8a401018f5efdab5adde

SHA1
13fc964947516230c70d38281d0312bc1afe13c0

SHA256
7c173cdaea8e3a3cc95b7196681cb904f3996f81289d5890b30f38c99eba45ae

SHA512
c69f3e46d36e07e6093f66cf072c83fc8c7249ff86c9cd84168ee46dbb7a621d562cee7de5685b408bd5f71889d6433e99ff8045955e5b8ab2c9eeb71941d165

Download Submit
memory/3016-85-0x0000000004280000-0x0000000004308000-memory.dmp

Filesize
544KB

Download
memory/3016-86-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download
memory/3016-21-0x00000000023B0000-0x000000000254A000-memory.dmp

Filesize
1.6MB

Download
memory/3016-89-0x00000000046E0000-0x0000000004769000-memory.dmp

Filesize
548KB

Download
memory/3016-22-0x0000000000240000-0x0000000000242000-memory.dmp

Filesize
8KB

Download
memory/3016-121-0x00000000023B0000-0x000000000254A000-memory.dmp

Filesize
1.6MB

Download
memory/3016-122-0x0000000004280000-0x0000000004308000-memory.dmp

Filesize
544KB

Download
memory/3016-125-0x00000000003F0000-0x00000000003F2000-memory.dmp

Filesize
8KB

Download