Analysis
- max time kernel: 142s
- max time network: 154s
- platform: windows10_x64
- resource: win10v20210408
- submitted: 13-07-2021 13:58
Static task: static1
Behavioral task: behavioral1
- Sample: socks-null.exe
- Resource: win7v20210410
General
- Target: socks-null.exe
- Size: 29KB
- MD5: d474d6c26cfcb09d74b1d499ef410786
- SHA1: 4dbf718297e3dc14d0ed4e615b2b6d7f7884bb58
- SHA256: 12fb1d0ec7c8d790cbb49d2e4ece2a59c4d46a31d4c740c94e994d342f2445ac
- SHA512: d357e3e29a4e81475a6537b352ea0fe5ad6f76457b610bcae5204dcd263cb7f02691cbc6b56ab8218569ec0061e0a80b0b5836a16cb5d2a5d05fca0935bcc2e5
Malware Config
Signatures
- Executes dropped EXE (1 IoC)
  Processes: xlfki.exe (pid 496)
- Drops file in Windows directory (2 IoCs)
  Processes: socks-null.exe
  File opened for modification: C:\Windows\Tasks\xlfki.job (socks-null.exe)
  File created: C:\Windows\Tasks\xlfki.job (socks-null.exe)
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: socks-null.exe (pid 808), socks-null.exe (pid 808)
Processes
Network
MITRE ATT&CK Matrix
Downloads
- C:\ProgramData\bbao\xlfki.exe
  MD5: d474d6c26cfcb09d74b1d499ef410786
  SHA1: 4dbf718297e3dc14d0ed4e615b2b6d7f7884bb58
  SHA256: 12fb1d0ec7c8d790cbb49d2e4ece2a59c4d46a31d4c740c94e994d342f2445ac
  SHA512: d357e3e29a4e81475a6537b352ea0fe5ad6f76457b610bcae5204dcd263cb7f02691cbc6b56ab8218569ec0061e0a80b0b5836a16cb5d2a5d05fca0935bcc2e5