Analysis
- max time kernel: 71s
- max time network: 141s
- platform: windows10_x64
- resource: win10v20201028
- submitted: 15-03-2021 15:35
- Static task: static1
- Behavioral task: behavioral1
- Sample: lsistv.exe
- Resource: win7v20201028
General
- Target: lsistv.exe
- Size: 30KB
- MD5: 9e59c1246f4cb952549c2d12f32208cd
- SHA1: 6412f4e284a1d5fb720f4e1a9d1e08b5bf7a9e5d
- SHA256: 195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1
- SHA512: 2bbdc436a10792aeda2773466c08f919864c23e1503a8964b10990bd16a45054e0ed179d07872959a1eb6552a14a8f730ac6c44f9278057e732ee08c6e3ec494
Malware Config
Extracted: systembc
- 104.217.8.100:5050
Signatures
- Executes dropped EXE (1 IoC)
  Processes:
  - PID 3288: purcbxv.exe
- Drops file in Windows directory (2 IoCs)
  Processes:
  - lsistv.exe: File created C:\Windows\Tasks\purcbxv.job
  - lsistv.exe: File opened for modification C:\Windows\Tasks\purcbxv.job
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes:
  - PID 1144: lsistv.exe
  - PID 1144: lsistv.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\lsistv.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\lsistv.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
- C:\ProgramData\dfsftdq\purcbxv.exe
  Command line: C:\ProgramData\dfsftdq\purcbxv.exe start
  - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
- C:\ProgramData\dfsftdq\purcbxv.exe
  MD5: 9e59c1246f4cb952549c2d12f32208cd
  SHA1: 6412f4e284a1d5fb720f4e1a9d1e08b5bf7a9e5d
  SHA256: 195fa07b1f6fc1c8d4fab943f3b795beeb8cf44495e6e1cedfe0acbeb8a033a1
  SHA512: 2bbdc436a10792aeda2773466c08f919864c23e1503a8964b10990bd16a45054e0ed179d07872959a1eb6552a14a8f730ac6c44f9278057e732ee08c6e3ec494