Analysis
max time kernel
146s
max time network
153s
platform
windows10_x64
resource
win10-20220310-en
submitted
28-03-2022 09:14
Static task
static1
General
Target
79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
Size
252KB
MD5
59a15965f9e82e82701608b209dbb06f
SHA1
fbb260b648820e0a64e90aa638ba4563254d85f8
SHA256
79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4
SHA512
5758be4efd35d9e609539d8f490b1aada685c6d1d5359b936246e2e2b90e96c4692aac2f7d5a2feaa3f181edadc19664c151ad18434c5299ce65f8c42e8b190c
Malware Config
Extracted
systembc
31.44.185.6:4001
31.44.185.11:4001
Signatures
suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

suricata: ET MALWARE Win32/SystemBC CnC Checkin

Downloads MZ/PE file

Executes dropped EXE (1 IoC)
Processes:
pid   process
1876  iputaek.exe

Drops file in Windows directory (3 IoCs)
Processes:
description                   ioc                                       process
File created                  C:\Windows\Tasks\iputaek.job              79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
File opened for modification  C:\Windows\Tasks\iputaek.job              79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
File created                  C:\Windows\Tasks\rogspnjfatqkdecawvw.job  iputaek.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes:
pid   process
1536  79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
1536  79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
Processes

C:\Users\Admin\AppData\Local\Temp\79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4.exe"
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID: 1536

C:\ProgramData\cnuaeef\iputaek.exe
Command line: C:\ProgramData\cnuaeef\iputaek.exe start
- Executes dropped EXE
- Drops file in Windows directory
PID: 1876
Network
MITRE ATT&CK Matrix
Downloads
C:\ProgramData\cnuaeef\iputaek.exe
Filesize
252KB
MD5
59a15965f9e82e82701608b209dbb06f
SHA1
fbb260b648820e0a64e90aa638ba4563254d85f8
SHA256
79cec51f1346951f28d406ea651bc28095c8f33c9ccff637c8b1a625435036b4
SHA512
5758be4efd35d9e609539d8f490b1aada685c6d1d5359b936246e2e2b90e96c4692aac2f7d5a2feaa3f181edadc19664c151ad18434c5299ce65f8c42e8b190c

memory/1536-118-0x0000000000766000-0x0000000000776000-memory.dmp
Filesize
64KB

memory/1536-119-0x0000000000766000-0x0000000000776000-memory.dmp
Filesize
64KB

memory/1536-120-0x00000000005D0000-0x00000000005D9000-memory.dmp
Filesize
36KB

memory/1536-121-0x0000000000400000-0x000000000046A000-memory.dmp
Filesize
424KB

memory/1876-125-0x0000000000510000-0x000000000065A000-memory.dmp
Filesize
1.3MB

memory/1876-126-0x00000000004C0000-0x00000000004C9000-memory.dmp
Filesize
36KB

memory/1876-127-0x0000000000400000-0x000000000046A000-memory.dmp
Filesize
424KB