Overview

overview

9

Static

static

8

bdb6672d33...fe.exe

windows7-x64

9

bdb6672d33...fe.exe

windows10-2004-x64

9

Analysis

  • max time kernel
    92s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    18/09/2022, 23:10

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    bdb6672d339d6fc19af420865d8731a183c082f03b77b7b33811ffbf5d7b09fe.exe

  • Size

    103KB

  • MD5

    b1481280f045a2320f182050a997cf70

  • SHA1

    bdd776eadbbe9437bac26e1b8495e59e8f0b15df

  • SHA256

    bdb6672d339d6fc19af420865d8731a183c082f03b77b7b33811ffbf5d7b09fe

  • SHA512

    0c627fa02b468ebbffe4a31e6ae5da50a806ab460fe6c32fb75785f0cf165e4b4a519c8b50c614e7ca56d9fcb1ef671465bf43b6d8329a42cc6ccc862c1abf4a

  • SSDEEP

    1536:U3TJJbyJBDFfBcMCmVE8d425I9lZF2UYIVGXTL29H6TKirhT+KUBPwVAGkqT33:UjJgVB8PZ9lZFpDVGX216H9+y33

Score
9/10
upx

Malware Config

Signatures

  • ACProtect 1.3x - 1.4x DLL software 5 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 1 IoCs
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Loads dropped DLL 4 IoCs
  • Enumerates connected drives 3 TTPs 18 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 2 IoCs
  • Modifies registry class 26 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\bdb6672d339d6fc19af420865d8731a183c082f03b77b7b33811ffbf5d7b09fe.exe
    "C:\Users\Admin\AppData\Local\Temp\bdb6672d339d6fc19af420865d8731a183c082f03b77b7b33811ffbf5d7b09fe.exe"
    1⤵
    • Loads dropped DLL
    • Enumerates connected drives
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:904
    • C:\odt\svchost.exe
      C:\odt\svchost.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies registry class
      • Suspicious behavior: GetForegroundWindowSpam
      PID:3184

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Windows\SysWOW64\DOROPK.dll
          Filesize

          150KB

          MD5

          018f4c326f6de04e824ccdad8bee8f51

          SHA1

          cf2d330ff2863af8dee4f17c184b71072a0f1302

          SHA256

          cdf7c071cd1e571c43c5cc29ceb596f2d9281c62d364e4820815a04bb2c736d9

          SHA512

          b91505789ff2a93cdb5f905a202e83505210d2dcea9a0358ba458a3bb22722e6274c1d9a2aae49d3d50711a7f24f8bdd1e67964ff238ec01125290a83e6e95db

          Download Submit

        • C:\Windows\SysWOW64\DOROPK.dll
          Filesize

          150KB

          MD5

          018f4c326f6de04e824ccdad8bee8f51

          SHA1

          cf2d330ff2863af8dee4f17c184b71072a0f1302

          SHA256

          cdf7c071cd1e571c43c5cc29ceb596f2d9281c62d364e4820815a04bb2c736d9

          SHA512

          b91505789ff2a93cdb5f905a202e83505210d2dcea9a0358ba458a3bb22722e6274c1d9a2aae49d3d50711a7f24f8bdd1e67964ff238ec01125290a83e6e95db

          Download Submit

        • C:\Windows\SysWOW64\DOROPK.dll
          Filesize

          150KB

          MD5

          018f4c326f6de04e824ccdad8bee8f51

          SHA1

          cf2d330ff2863af8dee4f17c184b71072a0f1302

          SHA256

          cdf7c071cd1e571c43c5cc29ceb596f2d9281c62d364e4820815a04bb2c736d9

          SHA512

          b91505789ff2a93cdb5f905a202e83505210d2dcea9a0358ba458a3bb22722e6274c1d9a2aae49d3d50711a7f24f8bdd1e67964ff238ec01125290a83e6e95db

          Download Submit

        • C:\Windows\SysWOW64\DOROPK.dll
          Filesize

          150KB

          MD5

          018f4c326f6de04e824ccdad8bee8f51

          SHA1

          cf2d330ff2863af8dee4f17c184b71072a0f1302

          SHA256

          cdf7c071cd1e571c43c5cc29ceb596f2d9281c62d364e4820815a04bb2c736d9

          SHA512

          b91505789ff2a93cdb5f905a202e83505210d2dcea9a0358ba458a3bb22722e6274c1d9a2aae49d3d50711a7f24f8bdd1e67964ff238ec01125290a83e6e95db

          Download Submit

        • C:\Windows\SysWOW64\DOROPK.dll
          Filesize

          150KB

          MD5

          018f4c326f6de04e824ccdad8bee8f51

          SHA1

          cf2d330ff2863af8dee4f17c184b71072a0f1302

          SHA256

          cdf7c071cd1e571c43c5cc29ceb596f2d9281c62d364e4820815a04bb2c736d9

          SHA512

          b91505789ff2a93cdb5f905a202e83505210d2dcea9a0358ba458a3bb22722e6274c1d9a2aae49d3d50711a7f24f8bdd1e67964ff238ec01125290a83e6e95db

          Download Submit

        • C:\odt\svchost.exe
          Filesize

          103KB

          MD5

          81ed2bb35c31f6b48e3d5dd79352d9de

          SHA1

          94adb7be20690132c792fa0c53520183cace6c33

          SHA256

          1078dfe24e0a91560f0c2f00d37e8e744a4c0cf104e5da26cb57ce2d40a17a60

          SHA512

          d105cb356e7175bec565f9d5e30d53f9f1f2c81e5aee49c0bd2fbc906cdff30b4f396d0d2770fc183b34166c4cbf91fc542c813a3ed4443b0504f578dda6b0f9

          Download Submit

        • C:\odt\svchost.exe
          Filesize

          103KB

          MD5

          81ed2bb35c31f6b48e3d5dd79352d9de

          SHA1

          94adb7be20690132c792fa0c53520183cace6c33

          SHA256

          1078dfe24e0a91560f0c2f00d37e8e744a4c0cf104e5da26cb57ce2d40a17a60

          SHA512

          d105cb356e7175bec565f9d5e30d53f9f1f2c81e5aee49c0bd2fbc906cdff30b4f396d0d2770fc183b34166c4cbf91fc542c813a3ed4443b0504f578dda6b0f9

          Download Submit

        • memory/904-132-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/904-141-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/3184-142-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/3184-143-0x00000000005D0000-0x00000000005F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3184-144-0x00000000005D0000-0x00000000005F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3184-145-0x0000000000400000-0x000000000043F000-memory.dmp

          Filesize

          252KB

          Download

        • memory/3184-146-0x00000000005D0000-0x00000000005F0000-memory.dmp

          Filesize

          128KB

          Download

        • memory/3184-147-0x00000000005D0000-0x00000000005F0000-memory.dmp

          Filesize

          128KB

          Download