cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e | Triage

Submit
Reports

Overview

overview

Static

static

cfcee9378a...5e.exe

windows7_x64

cfcee9378a...5e.exe

windows10-2004_x64

Analysis

max time kernel
2s
max time network
116s
platform
windows7_x64
resource
win7-20220414-en
submitted
24-05-2022 13:38

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe

Resource

win7-20220414-en

evasion suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe

Resource

win10v2004-20220414-en

glupteba dropper evasion loader persistence suricata

windows10-2004_x64

0 signatures

0 seconds

Report Analysis Logs

General

Target

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe
Size

3.7MB
MD5

720a612077a422109df3c8945e088308
SHA1

14ae2f30c62b716dc97c58d3dfc7954143f950d7
SHA256

cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e
SHA512

83e6e64774e7d878d6badabc7222861c45fe0651368475211d4a392091874a5d3d40bcc0532b2e7c99e28e48f64a3dd1d5393603574e3d318c9a55099219088b

Score

10^/10

evasion suricata

Malware Config

Signatures

suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata: ET MALWARE Glupteba CnC Domain in DNS Lookup
suricata
Modifies Windows Firewall 1 TTPs
evasion

Modify Existing Service
T1031

Processes

C:\Users\Admin\AppData\Local\Temp\cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe
"C:\Users\Admin\AppData\Local\Temp\cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe"
1⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe
"C:\Users\Admin\AppData\Local\Temp\cfcee9378aacb84c082b3e8e6f249baa66f9758ecd0709e8d1a5b618396a1d5e.exe"
2⤵
PID:580

C:\Windows\system32\cmd.exe
C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
3⤵
PID:276

C:\Windows\system32\netsh.exe
netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
4⤵
PID:812

C:\Windows\system32\makecab.exe
"C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20220524154400.log C:\Windows\Logs\CBS\CbsPersist_20220524154400.cab
1⤵
PID:568

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/276-59-0x0000000000000000-mapping.dmp

Download
memory/580-58-0x0000000005400000-0x00000000057A4000-memory.dmp

Filesize
3.6MB

Download
memory/580-62-0x0000000005400000-0x00000000057A4000-memory.dmp

Filesize
3.6MB

Download
memory/580-63-0x0000000000400000-0x0000000003A64000-memory.dmp

Filesize
54.4MB

Download
memory/812-60-0x0000000000000000-mapping.dmp

Download
memory/812-61-0x000007FEFC5C1000-0x000007FEFC5C3000-memory.dmp

Filesize
8KB

Download
memory/1016-54-0x0000000005480000-0x0000000005824000-memory.dmp

Filesize
3.6MB

Download
memory/1016-55-0x0000000005480000-0x0000000005824000-memory.dmp

Filesize
3.6MB

Download
memory/1016-56-0x0000000000400000-0x0000000003A64000-memory.dmp

Filesize
54.4MB

Download
memory/1016-57-0x0000000005830000-0x0000000005F1F000-memory.dmp

Filesize
6.9MB

Download

© 2018-2024

Terms | Privacy