Overview

overview

8

Static

static

2771af1d8f...4d.exe

windows7-x64

3

2771af1d8f...4d.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    158s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 11:19

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d.exe

  • Size

    99KB

  • MD5

    8a9484cdfaa10dc52019666b0f5da2d1

  • SHA1

    f4ba999333066063da4fc271f6314796e698b608

  • SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

  • SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

  • SSDEEP

    3072:SYI9ORKD7ygY53J5SCsu2oh40kv3VucVEB:BIdeg05Fsu6vFuP

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d.exe
    "C:\Users\Admin\AppData\Local\Temp\2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3348
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:4084
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:4992
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:4304
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:4912
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:1424

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html
    Filesize

    1015B

    MD5

    bc095ae4401b991d0ba4f62540d01ce0

    SHA1

    01fbc4c5921a6ac4b5b3e0b59f2671fad19d4275

    SHA256

    3f1766a19a44da189960cdeb3f6a42377942a252b1b2d78eb734fa51332aee04

    SHA512

    8a29e067f7bf83580cce1f4703fb6a92f66dff54c9e6c50cc16a6d271c989ca3363bb0430c109fb8d83e4357c3edcf42b59c4baa56132f84d0de908c0519988d

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html
    Filesize

    1KB

    MD5

    7ef08a7e40d580174c363e0dd3bbbfd7

    SHA1

    88bf70dd3770dd6dbc3629bd0c6ae79898844dcf

    SHA256

    809d281fdc0219c9fce3194ec7d22b9a2f41f9e7afe5089b908561ae6466b724

    SHA512

    5190ae023f2bf3fb351ef7de3a14e740e493aa971fdf14680747d9f635eedf0ecce861174da1765f7263e2a896d83ab76dd5c0208ab899ce34831511cf4e2dac

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html
    Filesize

    1KB

    MD5

    7915168e1915f03c8db93427bb9362af

    SHA1

    9cca121c448a9a38f815653014da4bd9f323596c

    SHA256

    b9b7298e796bee7942b808d120c1da2f40508b719d0f57c792f6898963036ae7

    SHA512

    fbae43dc5b5c1ececfcde9a92abe7caf8848b8a3d2d3a2663490bec65afbfcd0ecd2e6059e34fdc3af07c206deb45c9b3e4b85776e87ff7e19d96ee756fe843a

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html
    Filesize

    6KB

    MD5

    95948307f4a36f9750e8175547ad5066

    SHA1

    d688009e149a66fa1ba0773ba9db0d68b7430222

    SHA256

    9edcb05e432c8d6e301dfdfa343cd00225e9a79d89906d4a3d9d5b6405391297

    SHA512

    59c0c051fc0c383809ea8bdf837ab38a0a46bc55ef55e1e358abd43b0594974973f4adbac21302b827467042b40a67a6babbeff351ee9a8b1149ae83f898d151

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html
    Filesize

    1KB

    MD5

    00d6bf61fdfbf3498a4b8996717797a0

    SHA1

    3b5855989750646b9de9d4d9c2d107121b2bacb4

    SHA256

    74c990493dff56a22d26eb021df6887e1d15f75f916e39440c0efb7f0a3d4250

    SHA512

    c3fedcbf2bb480528b03305002d2999eaf2f4057e82a95718156ecc81f0ead4ad7e92612307d19ebd5ed9a128e2cb8bf257937a12ab20c071bd8dea6835012c6

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html
    Filesize

    6KB

    MD5

    3244dd03155c75814463bc3780d83e41

    SHA1

    74be0ffa2b26b24ca3810447daaa70e1724430df

    SHA256

    3ce49b7863704f6d3823aaeec4a4f404f7f95e478f80e9b9c306c2bed95fc013

    SHA512

    cec9e7ef61efeaa2b9eb14cc3222b5f9f714c72231d9366e12e7187716e83174995b87d8b9f8934de95c07c1f9dacb33b05fd83a0c142a8843525bfcb77ab664

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    99KB

    MD5

    8a9484cdfaa10dc52019666b0f5da2d1

    SHA1

    f4ba999333066063da4fc271f6314796e698b608

    SHA256

    2771af1d8fdb223d46a1671cb70371b696d4b11975e0e97c78e2be68d2a1fd4d

    SHA512

    71f02753374d1f632c6c576a7e2f18852ec09284d102dc8cb0c31e9b94fdca665917cb1a51fb84a5921f6dabe0395abcb5cf5c6fcd73456e2c6969e038c81e10

    Download Submit
  • memory/1424-152-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1424-151-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/3348-133-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/3348-146-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/3348-132-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/4084-134-0x0000000000000000-mapping.dmp
    Download
  • memory/4084-137-0x0000000000400000-0x0000000000434000-memory.dmp
    Filesize

    208KB

    Download
  • memory/4084-138-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4304-147-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4304-144-0x0000000000000000-mapping.dmp
    Download
  • memory/4912-149-0x0000000000440000-0x000000000045F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4912-148-0x0000000000440000-0x000000000045F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4912-143-0x0000000000440000-0x000000000045F000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4992-142-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4992-139-0x0000000000000000-mapping.dmp
    Download