Overview

overview

8

Static

static

8

ฺฺฺà...ฺฺ

windows10_x64

8

ฺฺฺà...ฺฺ

windows10_x64

8

Analysis

  • max time kernel
    13s
  • max time network
    28s
  • platform
    windows10_x64
  • resource
    win10v20201028
  • submitted
    21-11-2020 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Supremo_dpg.bin.exe

  • Size

    3.4MB

  • MD5

    def75fe315cfec6efa1c379e3158d0ba

  • SHA1

    08f5f86dd6b1fcb08cfb314f052b90ea159e646b

  • SHA256

    e308592a1e35ae141697464a66ac10698cfd6e249fd1bfcf51d85bd3f6b887d4

  • SHA512

    cdce01adc882981556dfba936485bcf2c8ddcbd1bf9239cb741741af507d3f828ffdfed88925663683136e5c12bb0edb742722e0ea086352ebf29339f4d090ee

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Supremo_dpg.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\Supremo_dpg.bin.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:580
    • C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
      "C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe" "C:\Users\Admin\AppData\Local\Temp\Supremo_dpg.bin.exe" "/SYSRUN"
      2⤵
      • Executes dropped EXE
      PID:3556
  • C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
    C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
    1⤵
    • Executes dropped EXE
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3972
    • C:\Users\Admin\AppData\Local\Temp\Supremo_dpg.bin.exe
      "C:\Users\Admin\AppData\Local\Temp\Supremo_dpg.bin.exe" /SYSRUN
      2⤵
        PID:3412

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
      MD5

      8084c31bf6de2832aaff18996575a908

      SHA1

      6aa4b5f29f01ec1799cb6a0f7e7515f4bda2e254

      SHA256

      cc98acd859762fdb13c8953d1fc81598f0e6e4dfb106b525e0ef870d33150c91

      SHA512

      3d1ec3356b869df3191ec0e2ba9b4c740a298571308cc88dcc033575922ecb428b802bc522f66f44f0364c66600e71c974486ac124ec7249f89c133442a23346

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
      MD5

      8084c31bf6de2832aaff18996575a908

      SHA1

      6aa4b5f29f01ec1799cb6a0f7e7515f4bda2e254

      SHA256

      cc98acd859762fdb13c8953d1fc81598f0e6e4dfb106b525e0ef870d33150c91

      SHA512

      3d1ec3356b869df3191ec0e2ba9b4c740a298571308cc88dcc033575922ecb428b802bc522f66f44f0364c66600e71c974486ac124ec7249f89c133442a23346

      Download Submit
    • C:\Users\Admin\AppData\Local\Temp\SupremoRemoteDesktop\SupremoSystem.exe
      MD5

      8084c31bf6de2832aaff18996575a908

      SHA1

      6aa4b5f29f01ec1799cb6a0f7e7515f4bda2e254

      SHA256

      cc98acd859762fdb13c8953d1fc81598f0e6e4dfb106b525e0ef870d33150c91

      SHA512

      3d1ec3356b869df3191ec0e2ba9b4c740a298571308cc88dcc033575922ecb428b802bc522f66f44f0364c66600e71c974486ac124ec7249f89c133442a23346

      Download Submit
    • memory/3412-4-0x0000000000000000-mapping.dmp
      Download
    • memory/3556-0-0x0000000000000000-mapping.dmp
      Download