bdc4ec2d129289ab93589ba0aa3c220dff1510aa3c5802b9b441d37c5e9959bb

Analysis

max time kernel
121s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 03:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e1d6c54e8615fcce53a28e1c95b1e37f.exe
Size

22.1MB
MD5

e1d6c54e8615fcce53a28e1c95b1e37f
SHA1

92791061d3fa71b300470e4a9483b33051f5a73d
SHA256

bdc4ec2d129289ab93589ba0aa3c220dff1510aa3c5802b9b441d37c5e9959bb
SHA512

c17bdcfe26fcf119188e32fe202faea8313e036e37e8d8bc8fa5bdd918b0d16ac63a3c083a7363bfbf6bcf4e392fe1bb990d4bc91e5dffc0ae711682c1845e0c
SSDEEP

393216:url9qPLrn8YJ+MAsvxivZROem0iLlOhCQEklr/euRnZs/uf45X3lYMPs:uWX8YpAsvCRU0ifQpGuc/uf45e

Score

4^/10

discovery

Malware Config

Signatures

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Executes dropped EXE 1 IoCs

Processes:

e1d6c54e8615fcce53a28e1c95b1e37f.exe

pid process

2240 e1d6c54e8615fcce53a28e1c95b1e37f.exe
Loads dropped DLL 2 IoCs

Processes:

e1d6c54e8615fcce53a28e1c95b1e37f.exee1d6c54e8615fcce53a28e1c95b1e37f.exe

pid process

2244 e1d6c54e8615fcce53a28e1c95b1e37f.exe
2240 e1d6c54e8615fcce53a28e1c95b1e37f.exe

pid	process
2240	e1d6c54e8615fcce53a28e1c95b1e37f.exe

pid	process
2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe
2240	e1d6c54e8615fcce53a28e1c95b1e37f.exe

Suspicious use of WriteProcessMemory 7 IoCs

Processes:

e1d6c54e8615fcce53a28e1c95b1e37f.exe

description	pid	process	target process
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe
PID 2244 wrote to memory of 2240	2244	e1d6c54e8615fcce53a28e1c95b1e37f.exe	e1d6c54e8615fcce53a28e1c95b1e37f.exe

C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe
"C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2244

C:\Windows\Temp\{63E2D5EE-F227-4857-A29E-7A44E1CCC376}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe
"C:\Windows\Temp\{63E2D5EE-F227-4857-A29E-7A44E1CCC376}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe" -burn.filehandle.attached=288 -burn.filehandle.self=292
2⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2240

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Temp\{2B90D7A1-8CB0-42DD-9CE3-2BD25110A716}\.ba\logo.png
Filesize
16KB

MD5
a54f03b65471d3c5c791b6300269754c

SHA1
95a97a5b7b458b91ae48fe76973538a5ebc83bb9

SHA256
31a4adff17fb1206725ef540820a714ba82906483379529c7ae396270e9061e1

SHA512
ad5eee11a15557a03110c6420051ba493ab31c42c71cd5e868195ca8c165594a405d0385274c87e6f5d33d6295c43d5e263295cd13b3dce41a5b95a5db18cac0

Download Submit
\Windows\Temp\{2B90D7A1-8CB0-42DD-9CE3-2BD25110A716}\.ba\wixstdba.dll
Filesize
205KB

MD5
87c8a7ea44e8ee0d9358e25b7dcd397d

SHA1
0e2021be823fee499175d2c0d68346d15c02a376

SHA256
b7de0a0ca3a94738747abd708e30ba1f9638a8c8b7d8173c76d4f39fae3d9346

SHA512
98b5bbe5bb3ec331a0025e3da209296050b2f695be5a4b90b5c939f8fbbaada6dd93483eba779c10151546c2798aab5282fa619a55ec0cf04f56a03795a0a3f5

Download Submit
\Windows\Temp\{63E2D5EE-F227-4857-A29E-7A44E1CCC376}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe
Filesize
878KB

MD5
d04581c46594333c6d417af6475869a7

SHA1
35eab2fd3b11b3b253b9740968c0be69e0dfcad8

SHA256
fe398116974ca8024ba305bf070e16385b04db6b9c68e671813d6562aa645fa3

SHA512
d89f4526686773115825ed14ce1d0c6f8efe8b19ead8875d9c890dfe8a823b992656af4039ee878995d07626b88a6030ad6539e5c643b09d85a43d3bc8a207a7

Download Submit