ffe2a83d37b7b5657de5c2c2d3fc3db3f4703a0b1a19a9964226eba696040b09

Analysis

max time kernel
115s
max time network
34s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
26-11-2022 18:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1433_hack44.cn/NB12-18/NetBot5.5.exe
Size

544KB
MD5

6379c36c3bb6e0c758a73251ab663810
SHA1

8bf4731742a1f74914b06706f851d4854172fc92
SHA256

4ba463bf00edf0327909d1b5e9f7e6b193f907716dff57fc3f7330249dcc116d
SHA512

379a5c7b563105fdcd71761ba61093fb788b961a1e3d9d6956f35c199dc11bf9d6fe42a3cfde65552f5eab8f884af797611d081f475eccb8f7b95b3299aaca17
SSDEEP

12288:N+ZF8GCbzHgpjzbgepgC5O6hxZo57oDPzVy3vJaZV:YyfgRjp35O2xqC83vcL

Score

8^/10

upx

Malware Config

Signatures

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral21/memory/1120-61-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-64-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-63-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-66-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-68-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-65-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-72-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-70-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-74-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-76-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-78-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-80-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-82-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-84-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-88-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-86-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-92-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-94-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-90-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-96-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-100-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-98-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-102-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-106-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-104-0x0000000000510000-0x000000000054D000-memory.dmp	upx
behavioral21/memory/1120-108-0x0000000000510000-0x000000000054D000-memory.dmp	upx

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

Processes:

NetBot5.5.exe

pid process

1120 NetBot5.5.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

NetBot5.5.exe

pid process

1120 NetBot5.5.exe
1120 NetBot5.5.exe
1120 NetBot5.5.exe
1120 NetBot5.5.exe

pid	process
1120	NetBot5.5.exe

pid	process
1120	NetBot5.5.exe
1120	NetBot5.5.exe
1120	NetBot5.5.exe
1120	NetBot5.5.exe

C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe
"C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetWindowsHookEx
PID:1120

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1120-54-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-55-0x0000000075891000-0x0000000075893000-memory.dmp

Filesize
8KB

Download
memory/1120-56-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download
memory/1120-57-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download
memory/1120-61-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-64-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-63-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-66-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-68-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-65-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-72-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-70-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-74-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-76-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-78-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-80-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-82-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-84-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-88-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-86-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-92-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-94-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-90-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-96-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-100-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-98-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-102-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-106-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-104-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-107-0x00000000005E9000-0x0000000000602000-memory.dmp

Filesize
100KB

Download
memory/1120-108-0x0000000000510000-0x000000000054D000-memory.dmp

Filesize
244KB

Download
memory/1120-109-0x0000000001F00000-0x0000000001F3E000-memory.dmp

Filesize
248KB

Download
memory/1120-110-0x0000000002480000-0x0000000002590000-memory.dmp

Filesize
1.1MB

Download
memory/1120-112-0x0000000002300000-0x0000000002480000-memory.dmp

Filesize
1.5MB

Download
memory/1120-113-0x0000000002150000-0x00000000021E0000-memory.dmp

Filesize
576KB

Download
memory/1120-111-0x0000000002590000-0x0000000002690000-memory.dmp

Filesize
1024KB

Download
memory/1120-114-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-115-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-117-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-119-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-121-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-122-0x0000000000400000-0x0000000000506000-memory.dmp

Filesize
1.0MB

Download
memory/1120-123-0x0000000002220000-0x0000000002224000-memory.dmp

Filesize
16KB

Download
memory/1120-125-0x00000000021E0000-0x00000000021E4000-memory.dmp

Filesize
16KB

Download
memory/1120-124-0x0000000001FF0000-0x0000000001FF3000-memory.dmp

Filesize
12KB

Download
memory/1120-126-0x0000000002210000-0x0000000002218000-memory.dmp

Filesize
32KB

Download
memory/1120-127-0x0000000002200000-0x0000000002203000-memory.dmp

Filesize
12KB

Download
memory/1120-128-0x0000000002730000-0x000000000337A000-memory.dmp

Filesize
12.3MB

Download
memory/1120-129-0x0000000010000000-0x00000000101A3000-memory.dmp

Filesize
1.6MB

Download
memory/1120-130-0x0000000001F00000-0x0000000001F3E000-memory.dmp

Filesize
248KB

Download
memory/1120-131-0x0000000002000000-0x0000000002003000-memory.dmp

Filesize
12KB

Download