Overview

overview

10

Static

static

354fed4072...79.exe

windows10_x64

10

Analysis

  • max time kernel
    149s
  • max time network
    144s
  • platform
    windows10_x64
  • resource
    win10-20220414-en
  • submitted
    04-05-2022 16:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379.exe

  • Size

    697KB

  • MD5

    3523aba425931e1afbe4864ae714beb1

  • SHA1

    38e49f28a2f36eb1346eec18083c6a6b3e7ab4d7

  • SHA256

    354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379

  • SHA512

    973a8a551c38d7efc5f3d21ae0d34b053f8330cec858814d06384b9a7bc12ef1e97fb3d4ce0bd638ab79e0c1f297af61a430c5f1ab81666127abd8d331c069dc

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX Payload 4 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 3 IoCs
  • Unexpected DNS network traffic destination 2 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379.exe
    "C:\Users\Admin\AppData\Local\Temp\354fed4072f0c12b9a7e40f48feb32c043481d0a87fbff599ce36fd2e323d379.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Users\Admin\AppData\Local\Temp\adb.exe
      "C:\Users\Admin\AppData\Local\Temp\adb.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of AdjustPrivilegeToken
      PID:3616
  • C:\ProgramData\adb\adb.exe
    "C:\ProgramData\adb\adb.exe" 100 3616
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:2320
  • C:\ProgramData\adb\adb.exe
    "C:\ProgramData\adb\adb.exe" 200 0
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe 201 0
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 4156
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:2436

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\adb\AdbWinApi.dat
    Filesize

    148KB

    MD5

    cbcc0845497ddd773399e0f095539a4c

    SHA1

    6c878e4ee18d14b94a3214bdd283b221a1981877

    SHA256

    88045766007380b99fa7874c633d66bcb17d3314b6145ad5f8d8216e8e24b375

    SHA512

    e9a237e1ed9a53ce52c52ed40c43073430bc54b36996c53a90ab7524c0e3a3c9d8fa403b4f0ee52997f19d4d720f7d9db8efa7e988ca53efc221573a05a8e38f

    Download Submit
  • C:\ProgramData\adb\AdbWinApi.dll
    Filesize

    33KB

    MD5

    114d0cdadcbdec8c6baa9af0a869700a

    SHA1

    a794329bac18d02b891b0e24ec73d88da4fe3404

    SHA256

    9217518710b77766d9dc3397c3ce9bd88734c71c8b80a2dd1e9ed1312efacd9c

    SHA512

    edab7b4ee16d7e8797d297c6e3add9b2b685b732d51a9c1b3994f8cf21c285fb3a2198d02536168d2153711eb4ed925ad602459c70def4c5c7cbff5ec12d6a3f

    Download Submit
  • C:\ProgramData\adb\adb.exe
    Filesize

    804KB

    MD5

    790fb1184a3ed8e475263daa54f98469

    SHA1

    37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    SHA256

    ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    SHA512

    66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    Download Submit
  • C:\ProgramData\adb\adb.exe
    Filesize

    804KB

    MD5

    790fb1184a3ed8e475263daa54f98469

    SHA1

    37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    SHA256

    ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    SHA512

    66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    Download Submit
  • C:\ProgramData\adb\adb.exe
    Filesize

    804KB

    MD5

    790fb1184a3ed8e475263daa54f98469

    SHA1

    37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    SHA256

    ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    SHA512

    66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\AdbWinApi.dat
    Filesize

    148KB

    MD5

    cbcc0845497ddd773399e0f095539a4c

    SHA1

    6c878e4ee18d14b94a3214bdd283b221a1981877

    SHA256

    88045766007380b99fa7874c633d66bcb17d3314b6145ad5f8d8216e8e24b375

    SHA512

    e9a237e1ed9a53ce52c52ed40c43073430bc54b36996c53a90ab7524c0e3a3c9d8fa403b4f0ee52997f19d4d720f7d9db8efa7e988ca53efc221573a05a8e38f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\AdbWinApi.dll
    Filesize

    33KB

    MD5

    114d0cdadcbdec8c6baa9af0a869700a

    SHA1

    a794329bac18d02b891b0e24ec73d88da4fe3404

    SHA256

    9217518710b77766d9dc3397c3ce9bd88734c71c8b80a2dd1e9ed1312efacd9c

    SHA512

    edab7b4ee16d7e8797d297c6e3add9b2b685b732d51a9c1b3994f8cf21c285fb3a2198d02536168d2153711eb4ed925ad602459c70def4c5c7cbff5ec12d6a3f

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\adb.exe
    Filesize

    804KB

    MD5

    790fb1184a3ed8e475263daa54f98469

    SHA1

    37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    SHA256

    ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    SHA512

    66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\adb.exe
    Filesize

    804KB

    MD5

    790fb1184a3ed8e475263daa54f98469

    SHA1

    37a60f670a4f3c68a4872ec2e95c0be2bd130dae

    SHA256

    ef4c7f4c417c18cd3394dd81ccd94381af252e0af81b0ad89b7e6d81412f4706

    SHA512

    66a2325c59a7fdacd049f43b528224682245c2705f10c50a907b6454d5755522b9d9d07046426d42db8c324ba95adbde1de087e31a0fb21b635c1dc4ca25a4f8

    Download Submit
  • \ProgramData\adb\AdbWinApi.dll
    Filesize

    33KB

    MD5

    114d0cdadcbdec8c6baa9af0a869700a

    SHA1

    a794329bac18d02b891b0e24ec73d88da4fe3404

    SHA256

    9217518710b77766d9dc3397c3ce9bd88734c71c8b80a2dd1e9ed1312efacd9c

    SHA512

    edab7b4ee16d7e8797d297c6e3add9b2b685b732d51a9c1b3994f8cf21c285fb3a2198d02536168d2153711eb4ed925ad602459c70def4c5c7cbff5ec12d6a3f

    Download Submit
  • \ProgramData\adb\AdbWinApi.dll
    Filesize

    33KB

    MD5

    114d0cdadcbdec8c6baa9af0a869700a

    SHA1

    a794329bac18d02b891b0e24ec73d88da4fe3404

    SHA256

    9217518710b77766d9dc3397c3ce9bd88734c71c8b80a2dd1e9ed1312efacd9c

    SHA512

    edab7b4ee16d7e8797d297c6e3add9b2b685b732d51a9c1b3994f8cf21c285fb3a2198d02536168d2153711eb4ed925ad602459c70def4c5c7cbff5ec12d6a3f

    Download Submit
  • \Users\Admin\AppData\Local\Temp\AdbWinApi.dll
    Filesize

    33KB

    MD5

    114d0cdadcbdec8c6baa9af0a869700a

    SHA1

    a794329bac18d02b891b0e24ec73d88da4fe3404

    SHA256

    9217518710b77766d9dc3397c3ce9bd88734c71c8b80a2dd1e9ed1312efacd9c

    SHA512

    edab7b4ee16d7e8797d297c6e3add9b2b685b732d51a9c1b3994f8cf21c285fb3a2198d02536168d2153711eb4ed925ad602459c70def4c5c7cbff5ec12d6a3f

    Download Submit
  • memory/2320-136-0x00000000006F0000-0x000000000083A000-memory.dmp
    Filesize

    1.3MB

    Download
  • memory/2436-138-0x0000000000000000-mapping.dmp
    Download
  • memory/2436-141-0x0000000000AA0000-0x0000000000AD5000-memory.dmp
    Filesize

    212KB

    Download
  • memory/3616-123-0x0000000002580000-0x0000000002680000-memory.dmp
    Filesize

    1024KB

    Download
  • memory/3616-124-0x0000000000A40000-0x0000000000A75000-memory.dmp
    Filesize

    212KB

    Download
  • memory/3616-117-0x0000000000000000-mapping.dmp
    Download
  • memory/4156-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4156-137-0x0000000003500000-0x0000000003535000-memory.dmp
    Filesize

    212KB

    Download
  • memory/5040-135-0x0000000000880000-0x00000000008B5000-memory.dmp
    Filesize

    212KB

    Download