Analysis
-
max time kernel
142s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system -
submitted
08/11/2022, 06:55
Behavioral task
behavioral1
Sample
597b728407b2c1a91d5a49d0bc9a9c55.exe
Resource
win7-20220812-en
General
-
Target
597b728407b2c1a91d5a49d0bc9a9c55.exe
-
Size
32KB
-
MD5
597b728407b2c1a91d5a49d0bc9a9c55
-
SHA1
a3589bc875751b10363ba56c559948781429a57a
-
SHA256
4eceaf21c15e9755c7ea6dae9613bebe2462f4e85322a8e7d521e277e8bb1f13
-
SHA512
964c7e5e90c96e2fd286cfee1f8d115abbdccf5cc8068a075fba2f964a1594b78dd69daa42ba8ad2fac58a99d6f9b3ee76f2d1d6a9d1ee744a5330cb9d978c43
-
SSDEEP
768:HqPzUdiJ8dayafVcCSWYVYnPrryFbnpoJo2ECpKc6lUZ1Fg:YLJ8dayaaupDobnpo2Ip0
Malware Config
Extracted family: systembc
C2 (host:port): 45.182.189.231:443
Signatures
- Executes dropped EXE (1 IoC)
  PID   Process
  696   tujwevg.exe
- Drops file in Windows directory (2 IoCs)
  Description                   IoC                           Process
  File opened for modification  C:\Windows\Tasks\tujwevg.job  597b728407b2c1a91d5a49d0bc9a9c55.exe
  File created                  C:\Windows\Tasks\tujwevg.job  597b728407b2c1a91d5a49d0bc9a9c55.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  PID    Process
  4984   597b728407b2c1a91d5a49d0bc9a9c55.exe
  4984   597b728407b2c1a91d5a49d0bc9a9c55.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe"
  Tree depth: 1
  PID: 4984
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
- C:\ProgramData\ddgux\tujwevg.exe
  Command line: C:\ProgramData\ddgux\tujwevg.exe start
  Tree depth: 1
  PID: 696
  - Executes dropped EXE
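The signatures and process tree above describe a chain that is easy to turn into host-side detection logic: a binary running from the user's Temp directory writes a scheduled-task .job file into C:\Windows\Tasks, a second executable with the same name stem is then launched from a random-looking C:\ProgramData subdirectory with a single "start" argument, and the extracted configuration names the C2 endpoint. The script below is an added example, not part of the sandbox report or of any vendor tooling. It assumes telemetry has already been normalised into one constructed key=value line per event (field names kind, pid, image, target, args, dst, md5, sha256 are this example's own convention), and it correlates the .job name with the ProgramData loader name to raise severity when the two match, as they do in this report.

```python
"""Hunt for the SystemBC persistence chain seen in the report above.

Added example: the event format, field names and the benign noise lines are
constructed for this demonstration; only the hashes, paths and C2 endpoint
are taken from the report itself.
"""
import re
from pathlib import PureWindowsPath

# Indicators copied from the report (sample hashes and the extracted SystemBC C2).
SAMPLE_HASHES = {
    "md5": "597b728407b2c1a91d5a49d0bc9a9c55",
    "sha256": "4eceaf21c15e9755c7ea6dae9613bebe2462f4e85322a8e7d521e277e8bb1f13",
}
C2_ENDPOINTS = {("45.182.189.231", 443)}

# Path shapes generalised from the report: a .job in the legacy task folder, an
# EXE one directory deep under ProgramData, and anything under a user's Temp.
TASK_JOB_RE = re.compile(r"^C:\\Windows\\Tasks\\[^\\]+\.job$", re.IGNORECASE)
PROGRAMDATA_EXE_RE = re.compile(r"^C:\\ProgramData\\[^\\]+\\[^\\]+\.exe$", re.IGNORECASE)
USER_TEMP_RE = re.compile(r"^C:\\Users\\[^\\]+\\AppData\\Local\\Temp\\", re.IGNORECASE)

FIELD_RE = re.compile(r"(\w+)=(\S+)")  # constructed key=value telemetry, no spaces in values


def parse_event(line):
    """Parse one constructed key=value telemetry line into a dict."""
    return dict(FIELD_RE.findall(line))


def hunt(lines):
    """Return (severity, rule, pid, detail) findings for the SystemBC chain."""
    findings = []
    job_stems = {}  # task-name stem of a suspicious .job -> pid that wrote it
    for ev in map(parse_event, lines):
        kind = ev.get("kind")
        pid = int(ev.get("pid", 0))
        image = ev.get("image", "")

        # Rule 0: exact hash match against the analysed sample.
        if ev.get("md5") == SAMPLE_HASHES["md5"] or ev.get("sha256") == SAMPLE_HASHES["sha256"]:
            findings.append(("high", "known_sample_hash", pid, image))

        # Rule 1: a Temp-resident binary drops a .job into C:\Windows\Tasks.
        if kind == "file_create":
            target = ev.get("target", "")
            if TASK_JOB_RE.match(target) and USER_TEMP_RE.match(image):
                job_stems[PureWindowsPath(target).stem.lower()] = pid
                findings.append(("medium", "task_job_from_temp", pid, target))

        # Rule 2: a ProgramData loader started with the bare "start" argument;
        # severity rises when its name matches a .job seen in rule 1.
        elif kind == "process_create":
            if PROGRAMDATA_EXE_RE.match(image) and ev.get("args", "").lower() == "start":
                stem = PureWindowsPath(image).stem.lower()
                severity = "high" if stem in job_stems else "medium"
                findings.append((severity, "programdata_loader_start", pid, image))

        # Rule 3: outbound connection to the extracted C2 endpoint.
        elif kind == "net_connect":
            dst = ev.get("dst", "")
            host, _, port = dst.rpartition(":")
            if port.isdigit() and (host, int(port)) in C2_ENDPOINTS:
                findings.append(("high", "systembc_c2", pid, dst))
    return findings


# Constructed telemetry mirroring the report's process tree, plus two benign lines.
SAMPLE_LOG = [
    r"kind=process_create pid=4984 image=C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe md5=597b728407b2c1a91d5a49d0bc9a9c55",
    r"kind=file_create pid=4984 image=C:\Users\Admin\AppData\Local\Temp\597b728407b2c1a91d5a49d0bc9a9c55.exe target=C:\Windows\Tasks\tujwevg.job",
    r"kind=process_create pid=696 image=C:\ProgramData\ddgux\tujwevg.exe args=start",
    r"kind=net_connect pid=696 image=C:\ProgramData\ddgux\tujwevg.exe dst=45.182.189.231:443",
    r"kind=process_create pid=1200 image=C:\Windows\System32\notepad.exe",
    r"kind=net_connect pid=1200 image=C:\Windows\System32\notepad.exe dst=10.0.0.5:443",
]

if __name__ == "__main__":
    for severity, rule, pid, detail in hunt(SAMPLE_LOG):
        print(f"[{severity:6}] {rule:26} pid={pid:<5} {detail}")
```

Rule 2 on its own is only medium confidence because legitimate installers also place executables under ProgramData; the correlation with a freshly written .job of the same name is what makes the pairing characteristic of this sample's behaviour.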
Network
MITRE ATT&CK Matrix
Downloads
-
Filesize
32KB
MD5 597b728407b2c1a91d5a49d0bc9a9c55
SHA1 a3589bc875751b10363ba56c559948781429a57a
SHA256 4eceaf21c15e9755c7ea6dae9613bebe2462f4e85322a8e7d521e277e8bb1f13
SHA512 964c7e5e90c96e2fd286cfee1f8d115abbdccf5cc8068a075fba2f964a1594b78dd69daa42ba8ad2fac58a99d6f9b3ee76f2d1d6a9d1ee744a5330cb9d978c43