Analysis
max time kernel: 143s
max time network: 158s
platform: windows10-2004_x64
resource: win10v2004-20220812-en
resource tags: arch:x64, arch:x86, image:win10v2004-20220812-en, locale:en-us, os:windows10-2004-x64, system
submitted: 22-11-2022 05:35
Behavioral task: behavioral1
Sample: socks.exe
Resource: win7-20221111-en
General
Target: socks.exe
Size: 32KB
MD5: f6fc8a2495fb25c71b3e7a355628b19f
SHA1: dce93888658c9e20bce5bc0ba829230966ea25d8
SHA256: 1972e8136931f0b0fcc9ce917c9eeed13a5fd261c6453173d69bce28bfa1af54
SHA512: 88eb7b301423e22fb91b3de69f411f531b56aa45838b4ca72780a293c726a222921a31ebb1a5ecd6298e254209d0600cd4106819c514bbc0c74fd0b037e02946
SSDEEP: 768:nEda2pzI7icyFK4JP7YSud6gfzsUwdgug5oJa2crh:nEdI7icyFvPVoGgX5o
Malware Config
Extracted
systembc
95.161.131.6:4001
45.153.240.152:4001
Signatures

Executes dropped EXE (1 IoCs)
Processes: kugp.exe
pid   process
2920  kugp.exe

Drops file in Windows directory (2 IoCs)
Processes: socks.exe
description                   ioc                        process
File created                  C:\Windows\Tasks\kugp.job  socks.exe
File opened for modification  C:\Windows\Tasks\kugp.job  socks.exe

Suspicious behavior: EnumeratesProcesses (2 IoCs)
Processes: socks.exe
pid   process
4024  socks.exe
4024  socks.exe