Overview

overview

7

Static

static

a32755d689...dd.exe

windows7-x64

7

a32755d689...dd.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    152s
  • max time network
    169s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-11-2022 12:41

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    a32755d689696359940bf755cdaeab6802e981984818108c8a4ff581d6d5e3dd.exe

  • Size

    272KB

  • MD5

    506381575f4c893b923a8810f517fa26

  • SHA1

    62f18d07e71bc5e0f18f63669d2b8f1e5a2a88c1

  • SHA256

    a32755d689696359940bf755cdaeab6802e981984818108c8a4ff581d6d5e3dd

  • SHA512

    0e58e009dd1fcd5196c07666459aeb7a655d80630a4f2f0057423e79d86f63d6959ac87109b530c1d19f1b3e4e7923986858ca46775537d07907a0ca1def571f

  • SSDEEP

    6144:HIcUTKTk+bXaOib9c5RMpohpczXm/QRBvN:vk+GBZZpo4zXoChN

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 2 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\a32755d689696359940bf755cdaeab6802e981984818108c8a4ff581d6d5e3dd.exe
    "C:\Users\Admin\AppData\Local\Temp\a32755d689696359940bf755cdaeab6802e981984818108c8a4ff581d6d5e3dd.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:2132
  • C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe -k sougou
    1⤵
    • Loads dropped DLL
    • Suspicious behavior: EnumeratesProcesses
    PID:2760

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Usab\Dgnaqmalr.jpg
    Filesize

    6.6MB

    MD5

    a032c7ceff42684946924021130b14e7

    SHA1

    f4007055faaf7e7e17bfeb9b690cf097680c9690

    SHA256

    d8ee0f060b29660f8ef48d58dce0f69009e6ade719821e5670c5f20f13728f3d

    SHA512

    444e1ea1097998b4d941bb70d6104a4bd4db9b7678e874a71b27caab49740351c58036f61a7a6e64aaabf1fb668893137c5dabfec29ce588c165d31b2bcc8e45

    Download Submit
  • C:\Windows\xinstall3173600.dll
    Filesize

    213KB

    MD5

    4cae3d9e125ecd8c92e59e316423e29c

    SHA1

    c1ca72285f66c6333540a23679a467123677d87d

    SHA256

    248c2acb743050a659677ceecdddccd7fe0f602db91138e631e1b698476b1cc0

    SHA512

    3dd359c6762a3858b5b059e7ba68f7525916993b8c757b532658b610a12ba4df0ed93f30ab7898517e7b72ce25277ff2f3f6b73ebee99d3d635b2ecedb9616f3

    Download Submit
  • C:\windows\xinstall3173600.dll
    Filesize

    213KB

    MD5

    4cae3d9e125ecd8c92e59e316423e29c

    SHA1

    c1ca72285f66c6333540a23679a467123677d87d

    SHA256

    248c2acb743050a659677ceecdddccd7fe0f602db91138e631e1b698476b1cc0

    SHA512

    3dd359c6762a3858b5b059e7ba68f7525916993b8c757b532658b610a12ba4df0ed93f30ab7898517e7b72ce25277ff2f3f6b73ebee99d3d635b2ecedb9616f3

    Download Submit
  • \??\c:\Win_lj.ini
    Filesize

    133B

    MD5

    f1e87d753beb0da05ded64602275d796

    SHA1

    10c0a935f8d92e132bcd2ed4c51b08c8ca947ef3

    SHA256

    65b2e49b137ba70db1d9a4e2ac55dc8ef4f6569e4432c996b63d1c01b0e27f4c

    SHA512

    6477fe862b78b7628306e62f7a5b2d509126e2a70b5d58937a2ea964048080d15782ec3dd0800c1d209652c6c566e935e5972f9010ceade5ead1e9fae78924e9

    Download Submit
  • \??\c:\program files (x86)\usab\dgnaqmalr.jpg
    Filesize

    6.6MB

    MD5

    a032c7ceff42684946924021130b14e7

    SHA1

    f4007055faaf7e7e17bfeb9b690cf097680c9690

    SHA256

    d8ee0f060b29660f8ef48d58dce0f69009e6ade719821e5670c5f20f13728f3d

    SHA512

    444e1ea1097998b4d941bb70d6104a4bd4db9b7678e874a71b27caab49740351c58036f61a7a6e64aaabf1fb668893137c5dabfec29ce588c165d31b2bcc8e45

    Download Submit
  • memory/2132-133-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2132-135-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2760-137-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize

    220KB

    Download
  • memory/2760-140-0x0000000010000000-0x0000000010037000-memory.dmp
    Filesize

    220KB

    Download