Analysis
max time kernel: 42s
max time network: 45s
platform: windows7_x64
resource: win7-20220718-en
resource tags: arch:x64, arch:x86, image:win7-20220718-en, locale:en-us, os:windows7-x64, system
submitted: 25-07-2022 06:20
Static task: static1
Behavioral task: behavioral1
  Sample: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
  Resource: win7-20220718-en
Behavioral task: behavioral2
  Sample: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
  Resource: win10v2004-20220721-en
General
Target: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
Size: 245KB
MD5: 2711ed38244626962bd768e14fe98828
SHA1: 84e2e522ef8deb105ea16bb2d07b34d5cd809077
SHA256: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063
SHA512: 1475fff672c42b07a940631321ab8a718be4b00e8ff7650aa567cd530b6f10216ce51c3cb2f504704189d0204bd379f49cd4343e021c2e0aa6c8b0a69cc77efc
Malware Config
Signatures
suricata: ET MALWARE ETag HTTP Header Observed at JPCERT Sinkhole
Checks installed software on the system (1 TTP)
Looks up Uninstall key entries in the registry to enumerate software on the system.
Maps connected drives based on registry (3 TTPs, 2 IoCs)
Disk information is often read in order to detect sandboxing environments.
Processes:
  description: Key opened
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\disk\enum
  process: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
  description: Key value enumerated
  ioc: \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\Disk\Enum
  process: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
Drops file in Windows directory (1 IoC)
Processes:
  description: File created
  ioc: C:\Windows\Tasks\Bidaily Synchronize Task[973b].job
  process: 55f3cbcaa6d810500eafcb38964edabf3448acdd856b480af3548f3a00c8c063.exe
Processes
Network
MITRE ATT&CK Matrix (ATT&CK v6)
Downloads
memory/2032-54-0x0000000075A81000-0x0000000075A83000-memory.dmp (Filesize: 8KB)
memory/2032-55-0x0000000000130000-0x000000000015F000-memory.dmp (Filesize: 188KB)
memory/2032-59-0x0000000000160000-0x0000000000187000-memory.dmp (Filesize: 156KB)
memory/2032-63-0x00000000000F0000-0x0000000000119000-memory.dmp (Filesize: 164KB)
memory/2032-64-0x00000000000F0000-0x0000000000119000-memory.dmp (Filesize: 164KB)