Analysis
-
max time kernel
38s -
max time network
47s -
platform
windows7_x64 -
resource
win7-20220812-en -
resource tags
-
submitted
29-10-2022 04:16
General
-
Target
036d34bcc908da095f28d6f5f28ff940493cdddc755fe7414b35f49842145a16.exe
-
Size
1002KB
-
MD5
abf731019396b276b321ecff074b8b57
-
SHA1
41df3510121f64ec2b3cf5168817cbc029360817
-
SHA256
036d34bcc908da095f28d6f5f28ff940493cdddc755fe7414b35f49842145a16
-
SHA512
ec2137029a37102388884f1f16b9ed55cc58d8e6dfecc1d1ed97db2438e5d06cf901e4c26bb462053a0f3218df18c53eccbe86749bc0c528f9c14e0b5f492808
-
SSDEEP
24576:OeZJ8NI8DerQZb+md4wmNerQZb+md4wmA4:H8DerQZbd2JerQZbd23
Malware Config
Signatures
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Drops file in System32 directory 1 IoCs
-
Drops file in Windows directory 2 IoCs
-
Launches sc.exe 4 IoCs
Sc.exe is a Windows utlilty to control services on the system.
-
Runs net.exe
-
Runs regedit.exe 1 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 8 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\036d34bcc908da095f28d6f5f28ff940493cdddc755fe7414b35f49842145a16.exe"C:\Users\Admin\AppData\Local\Temp\036d34bcc908da095f28d6f5f28ff940493cdddc755fe7414b35f49842145a16.exe"1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\net.exenet.exe start schedule /y2⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 start schedule /y3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c C:\Windows\system32\Option.bat2⤵
-
-
C:\Windows\SysWOW64\At.exeAt.exe 9:52:40 AM C:\Windows\Help\HelpCat.exe2⤵
-
-
C:\Windows\SysWOW64\cmd.execmd /c at 9:51:44 AM C:\Windows\Sysinf.bat2⤵
-
C:\Windows\SysWOW64\at.exeat 9:51:44 AM C:\Windows\Sysinf.bat3⤵
-
-
-
C:\Windows\SysWOW64\cmd.execmd /c at 9:54:44 AM C:\Windows\Sysinf.bat2⤵
-
C:\Windows\SysWOW64\at.exeat 9:54:44 AM C:\Windows\Sysinf.bat3⤵
-
-
-
C:\Windows\SysWOW64\net.exenet.exe stop sharedaccess /y2⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop sharedaccess /y3⤵
-
-
-
C:\Windows\SysWOW64\sc.exeC:\Windows\system32\sc.exe config srservice start= disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exeC:\Windows\system32\sc.exe config wscsvc start= disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\sc.exeC:\Windows\system32\sc.exe config srservice start= disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\regedit.exeregedit.exe /s C:\Windows\regedt32.sys2⤵
- Runs regedit.exe
-
-
C:\Windows\SysWOW64\sc.exeC:\Windows\system32\sc.exe config SharedAccess start= disabled2⤵
- Launches sc.exe
-
-
C:\Windows\SysWOW64\net.exenet.exe stop 360timeprot /y2⤵
-
-
C:\Windows\SysWOW64\net.exenet.exe stop srservice /y2⤵
-
-
C:\Windows\SysWOW64\net.exenet.exe stop wuauserv /y2⤵
-
-
C:\Windows\SysWOW64\net.exenet.exe stop wscsvc /y2⤵
-
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wuauserv /y1⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop 360timeprot /y1⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop srservice /y1⤵
-
C:\Windows\SysWOW64\net1.exeC:\Windows\system32\net1 stop wscsvc /y1⤵
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
82B
MD53f7fbd2eb34892646e93fd5e6e343512
SHA1265ac1061b54f62350fb7a5f57e566454d013a66
SHA256e75e8d9bfc7a2876d908305186c3656e9de2a4af7f6927ccc6d8c812645abbc7
SHA51253d40eb2f05a23464fbf06193868e7cb30cf0df3da53586a75123fb2c37b29cdddda287ce134809d16a559d87fb20aee0e8add22d396fcb7a55f9a753739b140
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Filesize
256KB
-
Filesize
8KB
-
-
-
-
-