Analysis
- max time kernel: 92s
- max time network: 100s
- platform: windows10-2004_x64
- resource: win10v2004-20240508-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 01-07-2024 03:49
Static task: static1
Behavioral task: behavioral1
- Sample: e1d6c54e8615fcce53a28e1c95b1e37f.exe
- Resource: win7-20240508-en
Behavioral task: behavioral2
- Sample: e1d6c54e8615fcce53a28e1c95b1e37f.exe
- Resource: win10v2004-20240508-en
General
- Target: e1d6c54e8615fcce53a28e1c95b1e37f.exe
- Size: 22.1MB
- MD5: e1d6c54e8615fcce53a28e1c95b1e37f
- SHA1: 92791061d3fa71b300470e4a9483b33051f5a73d
- SHA256: bdc4ec2d129289ab93589ba0aa3c220dff1510aa3c5802b9b441d37c5e9959bb
- SHA512: c17bdcfe26fcf119188e32fe202faea8313e036e37e8d8bc8fa5bdd918b0d16ac63a3c083a7363bfbf6bcf4e392fe1bb990d4bc91e5dffc0ae711682c1845e0c
- SSDEEP: 393216:url9qPLrn8YJ+MAsvxivZROem0iLlOhCQEklr/euRnZs/uf45X3lYMPs:uWX8YpAsvCRU0ifQpGuc/uf45e
Malware Config
Signatures
- Checks installed software on the system (1 TTP)
  Looks up Uninstall key entries in the registry to enumerate software on the system.
- Executes dropped EXE (1 IoC)
  Process: PID 2968, e1d6c54e8615fcce53a28e1c95b1e37f.exe
- Loads dropped DLL (1 IoC)
  Process: PID 2968, e1d6c54e8615fcce53a28e1c95b1e37f.exe
- Suspicious use of WriteProcessMemory (3 IoCs)
  PID 4420 wrote to memory of PID 2968 (process e1d6c54e8615fcce53a28e1c95b1e37f.exe, target process e1d6c54e8615fcce53a28e1c95b1e37f.exe); the same parent-to-child write is recorded three times.
Processes
- PID 4420 (depth 1): C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe"
  Signatures: Suspicious use of WriteProcessMemory
  - PID 2968 (depth 2, child of 4420): C:\Windows\Temp\{CAB6D5BC-D43D-4C06-A1E0-CE50872A2A90}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe
    Command line: "C:\Windows\Temp\{CAB6D5BC-D43D-4C06-A1E0-CE50872A2A90}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe" -burn.filehandle.attached=556 -burn.filehandle.self=692
    Signatures: Executes dropped EXE; Loads dropped DLL
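The two-process tree and the three generic signatures above fit the relaunch convention of a WiX Burn bootstrapper (the engine behind bundles that ship wixstdba.dll, the dropped bootstrapper-application DLL listed under Downloads): the bundle copies its engine to %WINDIR%\Temp\{GUID}\.cr\ under its own file name, starts that copy with -burn.clean.room= pointing back at the original, and hands it two file handles. Burn's detect phase also reads the Uninstall keys to find related bundles, which is the behaviour the "Checks installed software" signature describes. The Python below is an added example, not the sandbox's own logic, that tests process-tree records against that convention. It embeds the report's two processes (PIDs taken from the WriteProcessMemory rows) and one constructed, hypothetical child (update.exe, PID 5000) that the convention does not explain. A match only accounts for why these signatures fired; it says nothing about what the bundle's embedded packages do, so the dropped engine's hash and the payload still need checking.

```python
r"""Triage a sandbox process tree for the WiX Burn "clean room" relaunch.

Added example for this report, not code from the sandbox.  A Burn engine
copies itself to %WINDIR%\Temp\{GUID}\.cr\<same name>.exe and relaunches
the copy with -burn.clean.room=<original path> plus two -burn.filehandle.*
switches.  That one relaunch is enough to trip the generic "Executes
dropped EXE", "Loads dropped DLL" and "WriteProcessMemory" signatures.
"""
import ntpath
import re

# Constructed input: the two processes from the report's tree, with the
# parent/child PIDs taken from its WriteProcessMemory IoC rows.
REPORT_TREE = [
    {"pid": 4420, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe"'},
    {"pid": 2968, "ppid": 4420,
     "image": r"C:\Windows\Temp\{CAB6D5BC-D43D-4C06-A1E0-CE50872A2A90}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe",
     "cmdline": (r'"C:\Windows\Temp\{CAB6D5BC-D43D-4C06-A1E0-CE50872A2A90}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe" '
                 r'-burn.clean.room="C:\Users\Admin\AppData\Local\Temp\e1d6c54e8615fcce53a28e1c95b1e37f.exe" '
                 r'-burn.filehandle.attached=556 -burn.filehandle.self=692')},
]

# Hypothetical extra child (constructed, NOT in the report) showing a launch
# the Burn convention does not explain: different name, no -burn.* switches.
SUSPECT_TREE = REPORT_TREE + [
    {"pid": 5000, "ppid": 4420,
     "image": r"C:\Users\Admin\AppData\Local\Temp\update.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\update.exe" /silent'},
]

# -burn.<name>=<value>, value either quoted (may contain spaces) or bare.
BURN_ARG = re.compile(r'-burn\.([A-Za-z.]+)=(?:"([^"]*)"|(\S+))')
# <drive>:\Windows\Temp\{GUID}\.cr\<file> -- the clean-room copy location.
CLEAN_ROOM_DIR = re.compile(
    r'^[A-Za-z]:\\Windows\\Temp\\\{[0-9A-Fa-f-]{36}\}\\\.cr\\[^\\]+$', re.I)


def parse_burn_args(cmdline):
    """Return {'clean.room': <path>, 'filehandle.attached': '556', ...}."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in BURN_ARG.finditer(cmdline)}


def classify_child(child, parent):
    """Return (verdict, reasons).  The verdict is 'burn-clean-room-relaunch'
    only when every element of the relaunch convention is present; every
    missing element is listed in reasons so an analyst sees what broke."""
    args = parse_burn_args(child["cmdline"])
    reasons = []
    if not CLEAN_ROOM_DIR.match(child["image"]):
        reasons.append("image is not under %WINDIR%\\Temp\\{GUID}\\.cr\\")
    if ntpath.basename(child["image"]).lower() != ntpath.basename(parent["image"]).lower():
        reasons.append("child file name differs from the parent's")
    origin = args.get("clean.room")
    if origin is None:
        reasons.append("no -burn.clean.room switch")
    elif origin.lower() != parent["image"].lower():
        reasons.append("-burn.clean.room does not point back at the parent image")
    for key in ("filehandle.attached", "filehandle.self"):
        if not args.get(key, "").isdigit():
            reasons.append(f"missing or non-numeric -burn.{key}")
    return ("burn-clean-room-relaunch" if not reasons else "unexplained"), reasons


def triage(tree):
    """Map every child PID to (verdict, reasons); roots with no parent are skipped."""
    by_pid = {p["pid"]: p for p in tree}
    return {p["pid"]: classify_child(p, by_pid[p["ppid"]])
            for p in tree if p["ppid"] in by_pid}


if __name__ == "__main__":
    for pid, (verdict, reasons) in triage(SUSPECT_TREE).items():
        print(pid, verdict, "; ".join(reasons))
```

The check is deliberately strict: the child must sit in the .cr directory, carry the parent's file name, name the parent as its clean-room origin, and receive both file handles. Any child that fails even one of those is left as "unexplained" and should be looked at on its own merits rather than written off as installer noise.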
Network
MITRE ATT&CK Matrix ATT&CK v13
Downloads
- C:\Windows\Temp\{3B9DC926-A8D0-4C61-8A3D-A0F73E2D5BF3}\.ba\logo.png
  Filesize: 16KB
  MD5: a54f03b65471d3c5c791b6300269754c
  SHA1: 95a97a5b7b458b91ae48fe76973538a5ebc83bb9
  SHA256: 31a4adff17fb1206725ef540820a714ba82906483379529c7ae396270e9061e1
  SHA512: ad5eee11a15557a03110c6420051ba493ab31c42c71cd5e868195ca8c165594a405d0385274c87e6f5d33d6295c43d5e263295cd13b3dce41a5b95a5db18cac0
- C:\Windows\Temp\{3B9DC926-A8D0-4C61-8A3D-A0F73E2D5BF3}\.ba\wixstdba.dll
  Filesize: 205KB
  MD5: 87c8a7ea44e8ee0d9358e25b7dcd397d
  SHA1: 0e2021be823fee499175d2c0d68346d15c02a376
  SHA256: b7de0a0ca3a94738747abd708e30ba1f9638a8c8b7d8173c76d4f39fae3d9346
  SHA512: 98b5bbe5bb3ec331a0025e3da209296050b2f695be5a4b90b5c939f8fbbaada6dd93483eba779c10151546c2798aab5282fa619a55ec0cf04f56a03795a0a3f5
- C:\Windows\Temp\{CAB6D5BC-D43D-4C06-A1E0-CE50872A2A90}\.cr\e1d6c54e8615fcce53a28e1c95b1e37f.exe
  Filesize: 878KB
  MD5: d04581c46594333c6d417af6475869a7
  SHA1: 35eab2fd3b11b3b253b9740968c0be69e0dfcad8
  SHA256: fe398116974ca8024ba305bf070e16385b04db6b9c68e671813d6562aa645fa3
  SHA512: d89f4526686773115825ed14ce1d0c6f8efe8b19ead8875d9c890dfe8a823b992656af4039ee878995d07626b88a6030ad6539e5c643b09d85a43d3bc8a207a7