Overview

overview

8

Static

static

8b2c2ed2ca...fa.exe

windows7-x64

3

8b2c2ed2ca...fa.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    153s
  • max time network
    157s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    23-11-2022 11:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa.exe

  • Size

    66KB

  • MD5

    a20e4ebafe8f48723b9750ad1101cd41

  • SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

  • SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

  • SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

  • SSDEEP

    1536:VxcbSkqQHGO5WOiVKggBXdyZuPpIeZqJxxVfBd:kbS0p5WOiVUBXSuPlG1fL

Score
8/10

Malware Config

Signatures

  • Executes dropped EXE 5 IoCs
  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Modifies registry class 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa.exe
    "C:\Users\Admin\AppData\Local\Temp\8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa.exe"
    1⤵
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:5104
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /installservice
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      PID:5092
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /start
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:5068
    • C:\Windows\SysWOW64\urdvxc.exe
      C:\Windows\system32\urdvxc.exe /uninstallservice patch:C:\Users\Admin\AppData\Local\Temp\8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa.exe
      2⤵
      • Executes dropped EXE
      • Modifies registry class
      PID:5072
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:4388
  • C:\Windows\SysWOW64\urdvxc.exe
    "C:\Windows\SysWOW64\urdvxc.exe" /service
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Modifies registry class
    PID:1444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Java\jdk1.8.0_66\db\README-JDK.html
    Filesize

    1012B

    MD5

    661986eb37cc9cfc2f17614e81d71a6d

    SHA1

    6f5a8828691bfabda2656ba5435c39db61933cba

    SHA256

    5edb9dd67373164b6d5297e4fad9846c712451a74f8a8a965c39c61c19646a03

    SHA512

    11da83092eebe57cc2493d37f480bf706880883a1c4c7af910fe1e2d1fa3c923b7f6cca99d8bfc61255879ef146af94b0925cc07ca53c431b4ef1f24d36e970e

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\jre\Welcome.html
    Filesize

    1KB

    MD5

    126dc28a60fa70ca98434f1b6196855b

    SHA1

    eaeb0f2ae09670985868a7410b08df899486339a

    SHA256

    3475436612f6a0ef77fc91331d008090bfd53c7cc8535225762ab43234c730c7

    SHA512

    7d07229039cbb7eb39d5cdf3846fb41f4f2f5a829cf7c0d5c778bf50c7eaa17ab7dd4c7fe483c38d3ebb72669d117a6db122ee58f63d712f795c38ad680ae52a

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\about.html
    Filesize

    1KB

    MD5

    d9551396767d37a60f3c76f8b82333b1

    SHA1

    8a42a662427276aecc87d704b9df1f156a78a7ae

    SHA256

    226ac83c0f1f836563f3c81a5367e3ea7686cfd6754034b482e9c33e765df294

    SHA512

    51cdbf454fd7af0247ee8df696a370dfb894fe7ea8c4a8b4fbf280505eff333fff185b5d4b8e197a5a3142a0ff111a57b26197ebe6c40cd7c8d3effc407352e4

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_ja_4.4.0.v20140623020002\license.html
    Filesize

    6KB

    MD5

    95948307f4a36f9750e8175547ad5066

    SHA1

    d688009e149a66fa1ba0773ba9db0d68b7430222

    SHA256

    9edcb05e432c8d6e301dfdfa343cd00225e9a79d89906d4a3d9d5b6405391297

    SHA512

    59c0c051fc0c383809ea8bdf837ab38a0a46bc55ef55e1e358abd43b0594974973f4adbac21302b827467042b40a67a6babbeff351ee9a8b1149ae83f898d151

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\about.html
    Filesize

    1KB

    MD5

    f31930a2d55a728fcc361f35073c4f8a

    SHA1

    84699d348359582098b22e7461f3f3e310fcf8b1

    SHA256

    8702f4240fe9f9a5c6867dc56722cc1de9ad1f980e6bab753975ce9f15bec1df

    SHA512

    6060d2bf5c318d39f1f33ce4406e41947ade20b725830c97601bffb75e53b561b533acb4b13acbfc0fbde466009050540c9540d7b0ae3862a1a46f98573777a7

    Download Submit
  • C:\Program Files\Java\jdk1.8.0_66\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\license.html
    Filesize

    6KB

    MD5

    3244dd03155c75814463bc3780d83e41

    SHA1

    74be0ffa2b26b24ca3810447daaa70e1724430df

    SHA256

    3ce49b7863704f6d3823aaeec4a4f404f7f95e478f80e9b9c306c2bed95fc013

    SHA512

    cec9e7ef61efeaa2b9eb14cc3222b5f9f714c72231d9366e12e7187716e83174995b87d8b9f8934de95c07c1f9dacb33b05fd83a0c142a8843525bfcb77ab664

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • C:\Windows\SysWOW64\urdvxc.exe
    Filesize

    66KB

    MD5

    a20e4ebafe8f48723b9750ad1101cd41

    SHA1

    6c1272e289ba0ad42c7cb9e0cead286c9749f41c

    SHA256

    8b2c2ed2caadf6dc589204661f74e67956d755ef8ac932008c8efa92db858cfa

    SHA512

    f71e6a6ffc7920b289e3241f4deed50bf0071f653339f5d8e6479049d922141c432df192acbc856bd40546c386caa2980284a68c5bb2f216975a2598d9aa9512

    Download Submit
  • memory/1444-151-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/1444-150-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4388-143-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4388-147-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/4388-148-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/5068-142-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/5068-139-0x0000000000000000-mapping.dmp
    Download
  • memory/5072-144-0x0000000000000000-mapping.dmp
    Download
  • memory/5072-146-0x00000000001C0000-0x00000000001DF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/5092-138-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download
  • memory/5092-137-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/5092-134-0x0000000000000000-mapping.dmp
    Download
  • memory/5104-132-0x0000000000400000-0x0000000000426000-memory.dmp
    Filesize

    152KB

    Download
  • memory/5104-133-0x00000000001E0000-0x00000000001FF000-memory.dmp
    Filesize

    124KB

    Download