Overview

overview

10

Static

static

10

Crack UZ1/...oc.exe

windows10-2004-x64

4

Setup_Driv...22.exe

windows10-2004-x64

Resubmissions

05-11-2022 19:59

221105-yqefyabgdl 10

05-11-2022 19:56

221105-yn7dyabgcp 10

05-11-2022 19:39

221105-ydcftabfgr 10

05-11-2022 19:22

221105-x3ef2ahce6 10

Analysis

  • max time kernel
    483s
  • max time network
    457s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-de
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-delocale:de-deos:windows10-2004-x64systemwindows
  • submitted
    05-11-2022 19:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Crack UZ1/DriverDoc.exe

  • Size

    2.4MB

  • MD5

    046017d1ccfe50afadb65831220072f3

  • SHA1

    08f1023b366b6d05276ff74e41a36deb84a54460

  • SHA256

    b2f2341b447a9f6dbc835c8b07015ee1a18c41abf0f93a2b354f6c245808a39c

  • SHA512

    4d1d2fbee5bc83b73d62fbe4b4384d84245816e608c5012d77caad7bff20626667d2e84dbd8cf991c16e7e6734ee798cb8c669ac2604d76bdc1df8c66ae973a0

  • SSDEEP

    24576:jFV0CeT0o6QfhXlf4P35FLPOY5s2cv+AtdKEUuAaFo1Em7BpU8qUjDS2b:jFI0SIrOYq2c7vAYo1Em7vU8t

Score
4/10

Malware Config

Signatures

  • Drops file in Windows directory 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Crack UZ1\DriverDoc.exe
    "C:\Users\Admin\AppData\Local\Temp\Crack UZ1\DriverDoc.exe" move "Crack UZ1/DriverDoc.exe" "C:/Krat0x0s/"
    1⤵
      PID:4296
    • C:\Windows\System32\rundll32.exe
      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
      1⤵
        PID:2776
      • C:\Windows\system32\mspaint.exe
        "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\ConnectTest.wmf"
        1⤵
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        PID:3532
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
        1⤵
          PID:3084

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • memory/4296-132-0x0000000000400000-0x0000000000C26000-memory.dmp

          Filesize

          8.1MB

          Download

        • memory/4296-133-0x0000000000400000-0x0000000000C26000-memory.dmp

          Filesize

          8.1MB

          Download