Overview
overview
10Static
static
10SUNBURST/A...34.dll
windows7_x64
1SUNBURST/A...34.dll
windows10_x64
1SUNBURST/A...77.dll
windows7_x64
1SUNBURST/A...77.dll
windows10_x64
SUNBURST/A...bc.dll
windows7_x64
1SUNBURST/A...bc.dll
windows10_x64
1SUNBURST/A...d6.dll
windows7_x64
1SUNBURST/A...d6.dll
windows10_x64
1SUNBURST/A...af.dll
windows7_x64
1SUNBURST/A...af.dll
windows10_x64
1SUNBURST/A...8d.dll
windows7_x64
1SUNBURST/A...8d.dll
windows10_x64
1SUNBURST/A...71.dll
windows7_x64
1SUNBURST/A...71.dll
windows10_x64
1SUNBURST/F...ad.dll
windows7_x64
1SUNBURST/F...ad.dll
windows10_x64
1SUNBURST/F...e5.dll
windows7_x64
1SUNBURST/F...e5.dll
windows10_x64
1SUNBURST/F...6d.exe
windows7_x64
1SUNBURST/F...6d.exe
windows10_x64
1SUNBURST/F...91.exe
windows7_x64
1SUNBURST/F...91.exe
windows10_x64
1SUNBURST/F...0c.dll
windows7_x64
1SUNBURST/F...0c.dll
windows10_x64
3SUNBURST/F...d9.dll
windows7_x64
8SUNBURST/F...d9.dll
windows10_x64
8SUNBURST/F...a6.exe
windows7_x64
3SUNBURST/F...a6.exe
windows10_x64
3SUNBURST/F...65.exe
windows7_x64
1SUNBURST/F...65.exe
windows10_x64
1SUNBURST/F...40.exe
windows7_x64
1SUNBURST/F...40.exe
windows10_x64
1Analysis
-
max time kernel
15s -
max time network
106s -
platform
windows10_x64 -
resource
win10v20201028 -
submitted
26-12-2020 20:02
Behavioral task
behavioral1
Sample
SUNBURST/APT_Backdoor_SUNBURST/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral2
Sample
SUNBURST/APT_Backdoor_SUNBURST/019085a76ba7126fff22770d71bd901c325fc68ac55aa743327984e89f4b0134.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral3
Sample
SUNBURST/APT_Backdoor_SUNBURST/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral4
Sample
SUNBURST/APT_Backdoor_SUNBURST/32519b85c0b422e4656de6e6c41878e95fd95026267daab4215ee59c107d6c77.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral5
Sample
SUNBURST/APT_Backdoor_SUNBURST/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral6
Sample
SUNBURST/APT_Backdoor_SUNBURST/a25cadd48d70f6ea0c4a241d99c5241269e6faccb4054e62d16784640f8e53bc.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral7
Sample
SUNBURST/APT_Backdoor_SUNBURST/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral8
Sample
SUNBURST/APT_Backdoor_SUNBURST/ce77d116a074dab7a22a0fd4f2c1ab475f16eec42e1ded3c0b0aa8211fe858d6.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral9
Sample
SUNBURST/APT_Backdoor_SUNBURST/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral10
Sample
SUNBURST/APT_Backdoor_SUNBURST/d3c6785e18fba3749fb785bc313cf8346182f532c59172b69adfb31b96a5d0af.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral11
Sample
SUNBURST/APT_Dropper_Win64_TEARDROP/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral12
Sample
SUNBURST/APT_Dropper_Win64_TEARDROP/6e4050c6a2d2e5e49606d96dd2922da480f2e0c70082cc7e54449a7dc0d20f8d.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral13
Sample
SUNBURST/APT_Webshell_SUPERNOVA/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral14
Sample
SUNBURST/APT_Webshell_SUPERNOVA/c15abaf51e78ca56c0376522d699c978217bf041a3bd3c71d09193efa5717c71.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral15
Sample
SUNBURST/FalsePositives/0201b92d3d877df4de0d109ce6f3d647cfde3ab9d881f8cddc10d4bb8e5f21ad.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral16
Sample
SUNBURST/FalsePositives/0201b92d3d877df4de0d109ce6f3d647cfde3ab9d881f8cddc10d4bb8e5f21ad.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral17
Sample
SUNBURST/FalsePositives/191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral18
Sample
SUNBURST/FalsePositives/191a0fc897f798860c541f0e3fcd496f5d586f54c967d6e21621d974ebdd9de5.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral19
Sample
SUNBURST/FalsePositives/e8593c908f6ac1656d5261073be7df756b5dd5dd428742c090e2c0ad983df56d.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral20
Sample
SUNBURST/FalsePositives/e8593c908f6ac1656d5261073be7df756b5dd5dd428742c090e2c0ad983df56d.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral21
Sample
SUNBURST/FireEyeTools/0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral22
Sample
SUNBURST/FireEyeTools/0340043481091d92dcfb2c498aad3c0afca2fd208ef896f65af790cc147f8891.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral23
Sample
SUNBURST/FireEyeTools/078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral24
Sample
SUNBURST/FireEyeTools/078403b4e89ff06d2fe2ed7e75428a381f83ffb708dbd01b0220767498947f0c.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral25
Sample
SUNBURST/FireEyeTools/1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9.dll
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral26
Sample
SUNBURST/FireEyeTools/1cf5710e500a423b84b51fa3afdd923fe0a8255c5817d3238175623e2ebbfad9.dll
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral27
Sample
SUNBURST/FireEyeTools/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral28
Sample
SUNBURST/FireEyeTools/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral29
Sample
SUNBURST/FireEyeTools/a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral30
Sample
SUNBURST/FireEyeTools/a022820a62198fa3e3b89749b38db1cc3a09136524682fb99a3ce36652725065.exe
Resource
win10v20201028
windows10_x64
Behavioral task
behavioral31
Sample
SUNBURST/FireEyeTools/b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140.exe
Resource
win7v20201028
windows7_x64
Behavioral task
behavioral32
Sample
SUNBURST/FireEyeTools/b6ef03aec5d10e371f0b06c661036d838ef55fa7dc75cf91fca3622bdefa8140.exe
Resource
win10v20201028
windows10_x64
General
-
Target
SUNBURST/FireEyeTools/82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6.exe
-
Size
17KB
-
MD5
562ecbba043552d59a0f23f61cea0983
-
SHA1
472af2b122c23bf0ca10c78d389a5a7f030a3536
-
SHA256
82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6
-
SHA512
96e57af877fb1b6c6508326c25e44f01613342eeee731d49ba68fe82fdd3ea6aa82fc4bbad8fdee2ace3081a89792fb2b5b57f6a8dc533113f9c01c0f1141c1b
Malware Config
Signatures
-
Program crash 1 IoCs
pid pid_target Process procid_target 3704 4768 WerFault.exe 67 -
Suspicious behavior: EnumeratesProcesses 14 IoCs
pid Process 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe 3704 WerFault.exe -
Suspicious use of AdjustPrivilegeToken 1 IoCs
description pid Process Token: SeDebugPrivilege 3704 WerFault.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\SUNBURST\FireEyeTools\82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6.exe"C:\Users\Admin\AppData\Local\Temp\SUNBURST\FireEyeTools\82cce26c60a5105e6caf5ac92eabb3dedcd883cd075f2056f27b0ec58aefaaa6.exe"1⤵PID:4768
-
C:\Windows\system32\WerFault.exeC:\Windows\system32\WerFault.exe -u -p 4768 -s 1602⤵
- Program crash
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3704
-