Overview

overview

8

Static

static

e9e7e70b49...b5.exe

windows7-x64

3

e9e7e70b49...b5.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07/11/2022, 08:16

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5.exe

  • Size

    63KB

  • MD5

    0c9f0179483ce0a1b6198aefbba1b884

  • SHA1

    6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

  • SHA256

    e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

  • SHA512

    cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

  • SSDEEP

    1536:kFWF62LnjwuheL+2fN/QmBs6M6DagdFSmw8V:YWXj7eJdQJmDLdF1wc

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies registry class 62 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5.exe
    "C:\Users\Admin\AppData\Local\Temp\e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2484
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4308
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:780
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:3964
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:4944
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:3420

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files\Java\jdk1.8.0_66\README.html
          Filesize

          263B

          MD5

          a49b242bc882b6e4f074b9a585227255

          SHA1

          3feca589f5ff852e04f82b7e01bbc688f3c4a390

          SHA256

          1d347b95e2f7882576914db08a1191c288715118665a2e734a6a64addfeee9ac

          SHA512

          34b55fd529c0eb5d1a33932046be34256dc7e09c9da7cddecb02c133d6b9326022b1b5bdfec7de5b73c53adeb4d198d954de56eb10c03ee5d0c5380af3458026

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html
          Filesize

          1013B

          MD5

          648b860830033a7b19b7a5b34e220aec

          SHA1

          6ae12502aeef514a600271a5d3969a9f2412346c

          SHA256

          e6e95f429f3b411863c6eaf7b5f07f07a5a61f9c901b6c27d024da5d507a516c

          SHA512

          abbc3fc79aa0174ab4843ced661314baeffb4a9d421f5d49351513b2a7f85f8c5a7cadb5c6c578ce8ae5c2d9be0dbabb319f47e0c1521e70a14d6eaaacf51c0e

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html
          Filesize

          1KB

          MD5

          126dc28a60fa70ca98434f1b6196855b

          SHA1

          eaeb0f2ae09670985868a7410b08df899486339a

          SHA256

          3475436612f6a0ef77fc91331d008090bfd53c7cc8535225762ab43234c730c7

          SHA512

          7d07229039cbb7eb39d5cdf3846fb41f4f2f5a829cf7c0d5c778bf50c7eaa17ab7dd4c7fe483c38d3ebb72669d117a6db122ee58f63d712f795c38ad680ae52a

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html
          Filesize

          1KB

          MD5

          be5ae053c2e7447b4aa28a4eedd2596f

          SHA1

          f3ec765d9a5cfef8126c3c0cca17f83bc3f30083

          SHA256

          7b81f3095140ad8ff3083edd17f58f358464a6de33fe8b7d7059bf83b17621c3

          SHA512

          8d77e56cc34fc9bbe5e1d2b0007b76a4899e522aa1be7473d2277547898ab122490d5c3a81415f20bf4efbee36560dd643f04d6f4639c309a3a50cac124d9d27

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html
          Filesize

          6KB

          MD5

          dd8bc4ea474d9b179f8f17874d2506b5

          SHA1

          3f50fdce3194a7fe6175363e78a7ee6b000a5072

          SHA256

          b53adf89054311aaa69dd2cdf4df4f73dadbeda0d707befe592e3dd682611b07

          SHA512

          f34548932fb35d88f69cb4f24389ed43dc1760c2b2de3d9fd9f3fa2fe20e7385967f76080865db42c3132105bb79a9b434ac89321d1a7cef9e1bbdce1232a35f

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html
          Filesize

          1KB

          MD5

          17fb1125d8d7b6ed5f7fa28d774b076a

          SHA1

          ebb3482859f785645178ee324257fb4df4bff1a1

          SHA256

          500ca07ef68cc817d8352d142944089fdc1391e78bea103ae9a87c7e4aa12317

          SHA512

          5016b950aad0006f62f443d1ef75baa88b44a810bd270b9c3140f417edc2372e18b2464f73c9b0f06b73f1208f6a9fad3b85fee9b6d8a785b788d34a6b1197c6

          Download Submit

        • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html
          Filesize

          6KB

          MD5

          57e0cc238395714fa63306d6f3210cda

          SHA1

          ff86a5ff6a1c252f21b1b5901d948022188dcfe8

          SHA256

          bebe617b130d908db089db5c07baf16af2cacfa3a3f3ab2f0351475867e322fc

          SHA512

          81df4d81fd7de5ed4513cc726593964c47274e36ba80d4c1c6f6a66743ecb1b1ea148805ffc24b4723a301ccbc07c37ea93dfb8815029dcdca6dec676c045b4b

          Download Submit

        • C:\Program Files\Java\jre1.8.0_66\Welcome.html
          Filesize

          1KB

          MD5

          cc118097036294f8f87572951e2d4766

          SHA1

          a1a84b773de6be717e32d0ae818f2709f69364cf

          SHA256

          adb5694c828f1297c08df978deb24469c68873695d14f2d0ee2d77c3b3d7bfc9

          SHA512

          4a6ec98e62861e079f4afb235be89a11d941d55641babeb8e93c54b2c3c8d390ea733812fef859ccc1ccdfc563f8539cec8c8137756b5ac415c92a1829b884b2

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • C:\Windows\SysWOW64\urdvxc.exe
          Filesize

          63KB

          MD5

          0c9f0179483ce0a1b6198aefbba1b884

          SHA1

          6578fbbe0fdfde3ad3e915f42c2adf796904c6eb

          SHA256

          e9e7e70b49cb7256dccbf9a3d3df0d68682addbfdc37bcbda59cb1250e095eb5

          SHA512

          cdd1351e053f39b81e0b84ab3522fc837dab58f0ab62f11e9f822e63a5d1a45f97e70b1789d58fd6dffa847e6e525b22bdd15574ae86c282bf6d1dd1640bbc57

          Download Submit

        • memory/780-142-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2484-132-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/2484-146-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/2484-133-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3420-151-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3420-152-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/3964-147-0x00000000001C0000-0x00000000001DF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4308-138-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4308-137-0x0000000000400000-0x0000000000427000-memory.dmp

          Filesize

          156KB

          Download

        • memory/4944-149-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4944-143-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download

        • memory/4944-148-0x00000000001E0000-0x00000000001FF000-memory.dmp

          Filesize

          124KB

          Download