Overview

overview

7

Static

static

f3ac6073ad...de.exe

windows7-x64

7

f3ac6073ad...de.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    49s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    11/10/2022, 04:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f3ac6073add095a725b7596894013e0923fa658234d42fbf5b101955f8c77ede.exe

  • Size

    292KB

  • MD5

    224cd1659cc7fe2d087133709cf462f1

  • SHA1

    3423b3ebba1111bbaf869f5cb19055785614cc45

  • SHA256

    f3ac6073add095a725b7596894013e0923fa658234d42fbf5b101955f8c77ede

  • SHA512

    3c6e18ec1196ed33794f910ed53d1ca33ad01a5cd639595725891e39dc781af9a081d3b4bc66033eb416abf6a666ad09b6daf9c95e8a493f5d4ca63698f4e3ae

  • SSDEEP

    6144:FHogBfdMhCuPd9ww5uZbFxaSsBk3+ufkVsXXkSBngr:oQuzwGgbjPsBBuf05Sgr

Score
7/10

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Drops file in Windows directory 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 51 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f3ac6073add095a725b7596894013e0923fa658234d42fbf5b101955f8c77ede.exe
    "C:\Users\Admin\AppData\Local\Temp\f3ac6073add095a725b7596894013e0923fa658234d42fbf5b101955f8c77ede.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:1048
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Deletes itself
    • Suspicious behavior: EnumeratesProcesses
    PID:2012

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\windows\xinstall1710300.dll
    Filesize

    210KB

    MD5

    3964e6fd09ad185d41497bbeaef7f3c5

    SHA1

    7a4e39af266268607ede7ba92e53e83c00981dd9

    SHA256

    31c859ea734836c17eb74cc187589d64ce9ba18404532133e6092a1cfa8b02f6

    SHA512

    fec9c4a1d6f1bb6bf0a01e798f3c4653fcc21f06fddf57382b9b569363f33e20cda1694cd08303e4420d55b4657b6d3e4ecc92cb7678e204f9efa8700d06a891

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    133B

    MD5

    a8c829f3359652f65cbcf833b4ef0b3f

    SHA1

    dfcb1695d48101ce71f4d4b2099dd59ff75ba1a8

    SHA256

    110d435922a438dc6caf183d4c043476a3d2ab97468868a3d7240c051c029d41

    SHA512

    0b25b3cd33094dd203de96132bb327b3ab53e0911fdb0426f757d3e41e638cc5e41280f31d1016701568840cf6e2c9d980c8aefa09f3c631e77753f4cfadcb1a

    Download Submit

  • \??\c:\windows\ibkmkacvg.exe
    Filesize

    10.6MB

    MD5

    820d70c5ab185649f1ee15b0fb145b89

    SHA1

    3341cc029d816803c4c6db043eafb85adb1573f5

    SHA256

    41fdc9b78465f5e6afcc28776a6c7805346c452d7193aa2fdbbe186844511c72

    SHA512

    c0d5187ba01667c3ed5917fc11428910e44d97b4349bb7396d18f678c815156c36ca7a504bdcd48bf8eea7f4752743734e1e3a65d23d8aeec48f082003d8e971

    Download Submit

  • memory/1048-54-0x00000000759F1000-0x00000000759F3000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1048-55-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/1048-61-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download

  • memory/2012-60-0x0000000010000000-0x0000000010037000-memory.dmp

    Filesize

    220KB

    Download