Analysis
-
max time kernel
142s -
max time network
149s -
platform
windows10_x64 -
resource
win10v200722 -
submitted
10-10-2020 11:20
General
-
Target
3175c7553b29a8e22676a4d4bd7b0ce2.exe
-
Size
7.6MB
-
MD5
3175c7553b29a8e22676a4d4bd7b0ce2
-
SHA1
63af951a129db06f9d5a1be781e8bb9df818da9c
-
SHA256
38a36c357a50c0f3d6ba6cbaa600507d485271ac452212850dff78f1a430f9e1
-
SHA512
d5e87b6ba9448575f4be4988999d8050b1b6218ad505484e67c1bfacae4cfb55b0166105fe53dc148d99344e8b73f4a5df8ea8d8f73ebafce798221e8cf65067
Score
8/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
UPX packed file 18 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Loads dropped DLL 8 IoCs
-
Looks up external IP address via web service 7 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Uses Tor communications 1 TTPs
Malware can proxy its traffic through Tor for more anonymity.
-
Suspicious use of NtSetInformationThreadHideFromDebugger 16 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 2 IoCs
-
Suspicious use of WriteProcessMemory 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\3175c7553b29a8e22676a4d4bd7b0ce2.exe"C:\Users\Admin\AppData\Local\Temp\3175c7553b29a8e22676a4d4bd7b0ce2.exe"1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\24d388a3\tor\dllhost.exe"C:\Users\Admin\AppData\Local\24d388a3\tor\dllhost.exe" -f torrc2⤵
- Executes dropped EXE
- Loads dropped DLL
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
544KB