Overview

overview

7

Static

static

e9ec7c9d55...bb.exe

windows7-x64

7

e9ec7c9d55...bb.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    151s
  • max time network
    155s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-11-2022 04:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e9ec7c9d55adb2532bcb8eae446a29fe1ec35fe8072dcdd777c8e77f9580dbbb.exe

  • Size

    296KB

  • MD5

    ba40439008eb05cc2a795aaf287ef7a5

  • SHA1

    72309e045c4dd8d78e00e66f77185c97e435f490

  • SHA256

    e9ec7c9d55adb2532bcb8eae446a29fe1ec35fe8072dcdd777c8e77f9580dbbb

  • SHA512

    2b3bdd88e3d1e31f698a7c8603c70926393c6b6eb0ba9afc78972fdd1d8aa428410aac021327dfcfceffb864d18bc7c5864d2084c2e9207548cffd9b991c0fda

  • SSDEEP

    6144:jHogBfdMhCuPUOluAgmbo+WZ1RzsgcKB1ixuHeGWXczh4i8+:6QusO2V1RzsKB1ikH3WWH

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\e9ec7c9d55adb2532bcb8eae446a29fe1ec35fe8072dcdd777c8e77f9580dbbb.exe
    "C:\Users\Admin\AppData\Local\Temp\e9ec7c9d55adb2532bcb8eae446a29fe1ec35fe8072dcdd777c8e77f9580dbbb.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:4752
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2136

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Afhi\Qkaqerngk.bmp
    Filesize

    868KB

    MD5

    ebb1a14674aa7b2d0ab587df3acd7ede

    SHA1

    914e7212dcdabdef79804da5ca2b685970315137

    SHA256

    6c15c300ad8707133a1c92051cb2c2258d718185d7384cbef7dc84ecfd862283

    SHA512

    3776a4735b78b5ab7990bd4d2f4f9cee2ee6c749967ec10236ef57e6a6bc30e63d7638a84d454cc93f92bbc2512b91e06114e7bc7f4234abd17506b58432cb8d

    Download Submit

  • C:\Windows\xinstall2510400.dll
    Filesize

    219KB

    MD5

    e128ab57deef3602690f2352fd430f7e

    SHA1

    0f2eafe907ab08fd7686c35797392f6750f69fe7

    SHA256

    e8e91fcb1e0a156ab7ae3171932439c96f0e8afa62a2ac34bfcf77a6fe6c20e2

    SHA512

    fe168f0d1f56ca77b9f077b34e72268a53e1f6d134012934a3e17038724ca2220eca6b4aeb3e34c997d2d8c86232fe8104ab404a991ae835827d250e62c4f4d5

    Download Submit

  • C:\windows\xinstall2510400.dll
    Filesize

    219KB

    MD5

    e128ab57deef3602690f2352fd430f7e

    SHA1

    0f2eafe907ab08fd7686c35797392f6750f69fe7

    SHA256

    e8e91fcb1e0a156ab7ae3171932439c96f0e8afa62a2ac34bfcf77a6fe6c20e2

    SHA512

    fe168f0d1f56ca77b9f077b34e72268a53e1f6d134012934a3e17038724ca2220eca6b4aeb3e34c997d2d8c86232fe8104ab404a991ae835827d250e62c4f4d5

    Download Submit

  • \??\c:\Win_lj.ini
    Filesize

    133B

    MD5

    6fefa8d100a91b5dfcaceae87aa9819a

    SHA1

    5dc13265c647c0876141ef8f7edaec7487b9fde5

    SHA256

    ec1ae2236b6682801ad1afdc137f09a4adaf2ed969e412b03dcbacc5b85c4f38

    SHA512

    f5f848c29b39af893bcfccc6e55817f78549d29a19de110e6ddf5b9f519ec624a572e923f901b45cfae3e72cf38c3d31a9c40ec9547762c3e316ec9c57b45fde

    Download Submit

  • \??\c:\program files (x86)\afhi\qkaqerngk.bmp
    Filesize

    868KB

    MD5

    ebb1a14674aa7b2d0ab587df3acd7ede

    SHA1

    914e7212dcdabdef79804da5ca2b685970315137

    SHA256

    6c15c300ad8707133a1c92051cb2c2258d718185d7384cbef7dc84ecfd862283

    SHA512

    3776a4735b78b5ab7990bd4d2f4f9cee2ee6c749967ec10236ef57e6a6bc30e63d7638a84d454cc93f92bbc2512b91e06114e7bc7f4234abd17506b58432cb8d

    Download Submit