Overview

overview

8

Static

static

8

1433_hack4...st.exe

windows7-x64

8

1433_hack4...st.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4...er.exe

windows7-x64

1433_hack4...er.exe

windows10-2004-x64

1433_hack4...me.swf

windows7-x64

3

1433_hack4...me.swf

windows10-2004-x64

3

1433_hack4...in.url

windows7-x64

6

1433_hack4...in.url

windows10-2004-x64

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...��.url

windows7-x64

1

1433_hack4...��.url

windows10-2004-x64

1

1433_hack4...13.exe

windows7-x64

1

1433_hack4...13.exe

windows10-2004-x64

1

1433_hack4...14.exe

windows7-x64

1

1433_hack4...14.exe

windows10-2004-x64

1

1433_hack4...��.exe

windows7-x64

8

1433_hack4...��.exe

windows10-2004-x64

8

1433_hack4....5.exe

windows7-x64

8

1433_hack4....5.exe

windows10-2004-x64

8

1433_hack4...nH.dll

windows7-x64

8

1433_hack4...nH.dll

windows10-2004-x64

1433_hack4...��.exe

windows7-x64

1

1433_hack4...��.exe

windows10-2004-x64

1

1433_hack4...fs.exe

windows7-x64

6

1433_hack4...fs.exe

windows10-2004-x64

1433_hack4...ex.hta

windows7-x64

1

1433_hack4...ex.hta

windows10-2004-x64

1

1433_hack4...SD.exe

windows7-x64

3

1433_hack4...SD.exe

windows10-2004-x64

3

Analysis

  • max time kernel
    130s
  • max time network
    248s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26-11-2022 18:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    1433_hack44.cn/NB12-18/NetBot5.5.exe

  • Size

    544KB

  • MD5

    6379c36c3bb6e0c758a73251ab663810

  • SHA1

    8bf4731742a1f74914b06706f851d4854172fc92

  • SHA256

    4ba463bf00edf0327909d1b5e9f7e6b193f907716dff57fc3f7330249dcc116d

  • SHA512

    379a5c7b563105fdcd71761ba61093fb788b961a1e3d9d6956f35c199dc11bf9d6fe42a3cfde65552f5eab8f884af797611d081f475eccb8f7b95b3299aaca17

  • SSDEEP

    12288:N+ZF8GCbzHgpjzbgepgC5O6hxZo57oDPzVy3vJaZV:YyfgRjp35O2xqC83vcL

Score
8/10
upx

Malware Config

Signatures

  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs
  • Program crash 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe
    "C:\Users\Admin\AppData\Local\Temp\1433_hack44.cn\NB12-18\NetBot5.5.exe"
    1⤵
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Suspicious use of SetWindowsHookEx
    PID:4908
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 656
      2⤵
      • Program crash
      PID:228
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 4908 -ip 4908
    1⤵
      PID:2124

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/4908-132-0x0000000000400000-0x0000000000506000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4908-133-0x0000000010000000-0x00000000101A3000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4908-134-0x0000000010000000-0x00000000101A3000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/4908-138-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-140-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-141-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-142-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-143-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-145-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-147-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-149-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-151-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-153-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-155-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-157-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-159-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-161-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-163-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-166-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-168-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-170-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-172-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-174-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-176-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-178-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-180-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-182-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-184-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-185-0x0000000000400000-0x0000000000506000-memory.dmp

      Filesize

      1.0MB

      Download

    • memory/4908-187-0x0000000002450000-0x000000000248D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/4908-186-0x0000000010000000-0x00000000101A3000-memory.dmp

      Filesize

      1.6MB

      Download