Overview

overview

10

Static

static

f92423862c...5f.exe

windows7-x64

10

f92423862c...5f.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    156s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220812-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-12-2022 10:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    f92423862cafe75535d33bbd79460b52f1882aee4df8925d4dfd4c1a7d20325f.exe

  • Size

    425KB

  • MD5

    cf98f01911d6d3f7c178840266a31829

  • SHA1

    2caa8db3df451cfdfbd5520c3517f6219885c307

  • SHA256

    f92423862cafe75535d33bbd79460b52f1882aee4df8925d4dfd4c1a7d20325f

  • SHA512

    9c47aa0a30e43eb8535bb48d8b268dbebe596ae26395e311de8a476257992cb4b2933f3a4d0a10cc3dd3fa248383492cd5bbaad82785dd4d3b2ef700c954f550

  • SSDEEP

    12288:ZK2mhAMJ/cPl1mJmZbWS8TCuflvFUeXc1DB3Z1enHojuDQQMAc:Y2O/Gl1mCyS6CiPexZ1enHo6DQQg

Score
10/10
plugxtrojan

Malware Config

Signatures

  • Detects PlugX payload 8 IoCs
  • PlugX

    PlugX is a RAT (Remote Access Trojan) that has been around since 2008.

    trojanplugx
  • Executes dropped EXE 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Modifies data under HKEY_USERS 17 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 19 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\f92423862cafe75535d33bbd79460b52f1882aee4df8925d4dfd4c1a7d20325f.exe
    "C:\Users\Admin\AppData\Local\Temp\f92423862cafe75535d33bbd79460b52f1882aee4df8925d4dfd4c1a7d20325f.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:984
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\360.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\360.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1572
  • C:\ProgramData\MSVC\360.exe
    "C:\ProgramData\MSVC\360.exe" 100 1572
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    PID:5048
  • C:\ProgramData\MSVC\360.exe
    "C:\ProgramData\MSVC\360.exe" 200 0
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:5040
    • C:\Windows\SysWOW64\svchost.exe
      C:\Windows\system32\svchost.exe 201 0
      2⤵
      • Modifies data under HKEY_USERS
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:424
      • C:\Windows\SysWOW64\msiexec.exe
        C:\Windows\system32\msiexec.exe 209 424
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of AdjustPrivilegeToken
        PID:684

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\MSVC\360.exe
    Filesize

    437KB

    MD5

    e72ec6011d88822322677c9de75a3eaa

    SHA1

    bde02d9b2b69960d6f16ea3b867861fe5515c844

    SHA256

    93efac9c96d5a1cab41efe1c96b3ada7ee5eff6014b1ca68ff087a8154e2f16b

    SHA512

    d4fe25b7718a348bd6988aac4a31d1ea0f314f32bd2f5d30efecab6b076d19a5a18c66eb477afc32691717432a83b38f22c2be8ee477dba6d5d0794f01d8e22c

    Download Submit

  • C:\ProgramData\MSVC\360.exe
    Filesize

    437KB

    MD5

    e72ec6011d88822322677c9de75a3eaa

    SHA1

    bde02d9b2b69960d6f16ea3b867861fe5515c844

    SHA256

    93efac9c96d5a1cab41efe1c96b3ada7ee5eff6014b1ca68ff087a8154e2f16b

    SHA512

    d4fe25b7718a348bd6988aac4a31d1ea0f314f32bd2f5d30efecab6b076d19a5a18c66eb477afc32691717432a83b38f22c2be8ee477dba6d5d0794f01d8e22c

    Download Submit

  • C:\ProgramData\MSVC\360.exe
    Filesize

    437KB

    MD5

    e72ec6011d88822322677c9de75a3eaa

    SHA1

    bde02d9b2b69960d6f16ea3b867861fe5515c844

    SHA256

    93efac9c96d5a1cab41efe1c96b3ada7ee5eff6014b1ca68ff087a8154e2f16b

    SHA512

    d4fe25b7718a348bd6988aac4a31d1ea0f314f32bd2f5d30efecab6b076d19a5a18c66eb477afc32691717432a83b38f22c2be8ee477dba6d5d0794f01d8e22c

    Download Submit

  • C:\ProgramData\MSVC\360.fuck
    Filesize

    120KB

    MD5

    f561d0d28c536749c6dd72850135a49e

    SHA1

    b574c0f5536b226e616037b390f3cb3de7b062ab

    SHA256

    82c2471f9f1203a4c88619f0eecb48117321f55477022136bc39bdeb770d02ea

    SHA512

    4ffd27af456dfdf8bad489b64976c0388b5056846bb0dd060cc871b8bb08510c048ce9f5ef4df7cfa35a0b7733ee266c50e96decba2c63a855d727ee25aa14f0

    Download Submit

  • C:\ProgramData\MSVC\D3DX81ab.dll
    Filesize

    10KB

    MD5

    365e0de20192c7838da69d35149a914e

    SHA1

    9823e30b00f3fda97e674c9407791e007e20d9d0

    SHA256

    d610368d9af29b35465663406a7491e5eca23b95455581117c0f01654ee4ef72

    SHA512

    f341761ca7b0e2720bfadb9ce888ba8de4b59088e4bde2a800f1694a8d87b53f310489caaed0b1d9f4a05ee033bc7fe2b2e228f9e1bfa794c5f7dc5c156bb029

    Download Submit

  • C:\ProgramData\MSVC\D3DX81ab.dll
    Filesize

    10KB

    MD5

    365e0de20192c7838da69d35149a914e

    SHA1

    9823e30b00f3fda97e674c9407791e007e20d9d0

    SHA256

    d610368d9af29b35465663406a7491e5eca23b95455581117c0f01654ee4ef72

    SHA512

    f341761ca7b0e2720bfadb9ce888ba8de4b59088e4bde2a800f1694a8d87b53f310489caaed0b1d9f4a05ee033bc7fe2b2e228f9e1bfa794c5f7dc5c156bb029

    Download Submit

  • C:\ProgramData\MSVC\D3DX81ab.dll
    Filesize

    10KB

    MD5

    365e0de20192c7838da69d35149a914e

    SHA1

    9823e30b00f3fda97e674c9407791e007e20d9d0

    SHA256

    d610368d9af29b35465663406a7491e5eca23b95455581117c0f01654ee4ef72

    SHA512

    f341761ca7b0e2720bfadb9ce888ba8de4b59088e4bde2a800f1694a8d87b53f310489caaed0b1d9f4a05ee033bc7fe2b2e228f9e1bfa794c5f7dc5c156bb029

    Download Submit

  • C:\ProgramData\SxS\bug.log
    Filesize

    622B

    MD5

    a21d8982219a38980491222b752d0e98

    SHA1

    9a40371b4d4eb4604b84c0137f41152f4194ce65

    SHA256

    469aab2560846aff7810ee0f6364c3bed04b152ffcae13d2b9691262de2c2ea4

    SHA512

    2d5965ac69928067f0f08f3f2ae06798ac7a15bcd885b7e73d8431b1cbb843ab00ec99a2b15621e3a6f152e63682aff10d12b7e354bc264a3ded769db87584f2

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\360.exe
    Filesize

    437KB

    MD5

    e72ec6011d88822322677c9de75a3eaa

    SHA1

    bde02d9b2b69960d6f16ea3b867861fe5515c844

    SHA256

    93efac9c96d5a1cab41efe1c96b3ada7ee5eff6014b1ca68ff087a8154e2f16b

    SHA512

    d4fe25b7718a348bd6988aac4a31d1ea0f314f32bd2f5d30efecab6b076d19a5a18c66eb477afc32691717432a83b38f22c2be8ee477dba6d5d0794f01d8e22c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\360.exe
    Filesize

    437KB

    MD5

    e72ec6011d88822322677c9de75a3eaa

    SHA1

    bde02d9b2b69960d6f16ea3b867861fe5515c844

    SHA256

    93efac9c96d5a1cab41efe1c96b3ada7ee5eff6014b1ca68ff087a8154e2f16b

    SHA512

    d4fe25b7718a348bd6988aac4a31d1ea0f314f32bd2f5d30efecab6b076d19a5a18c66eb477afc32691717432a83b38f22c2be8ee477dba6d5d0794f01d8e22c

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\360.fuck
    Filesize

    120KB

    MD5

    f561d0d28c536749c6dd72850135a49e

    SHA1

    b574c0f5536b226e616037b390f3cb3de7b062ab

    SHA256

    82c2471f9f1203a4c88619f0eecb48117321f55477022136bc39bdeb770d02ea

    SHA512

    4ffd27af456dfdf8bad489b64976c0388b5056846bb0dd060cc871b8bb08510c048ce9f5ef4df7cfa35a0b7733ee266c50e96decba2c63a855d727ee25aa14f0

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\D3DX81ab.dll
    Filesize

    10KB

    MD5

    365e0de20192c7838da69d35149a914e

    SHA1

    9823e30b00f3fda97e674c9407791e007e20d9d0

    SHA256

    d610368d9af29b35465663406a7491e5eca23b95455581117c0f01654ee4ef72

    SHA512

    f341761ca7b0e2720bfadb9ce888ba8de4b59088e4bde2a800f1694a8d87b53f310489caaed0b1d9f4a05ee033bc7fe2b2e228f9e1bfa794c5f7dc5c156bb029

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\D3DX81ab.dll
    Filesize

    10KB

    MD5

    365e0de20192c7838da69d35149a914e

    SHA1

    9823e30b00f3fda97e674c9407791e007e20d9d0

    SHA256

    d610368d9af29b35465663406a7491e5eca23b95455581117c0f01654ee4ef72

    SHA512

    f341761ca7b0e2720bfadb9ce888ba8de4b59088e4bde2a800f1694a8d87b53f310489caaed0b1d9f4a05ee033bc7fe2b2e228f9e1bfa794c5f7dc5c156bb029

    Download Submit

  • memory/424-154-0x00000000009B0000-0x00000000009E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/424-158-0x00000000009B0000-0x00000000009E0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/684-157-0x0000000002C70000-0x0000000002CA0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/684-159-0x0000000002C70000-0x0000000002CA0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/1572-141-0x00000000004C0000-0x00000000004DF000-memory.dmp

    Filesize

    124KB

    Download

  • memory/1572-142-0x00000000023C0000-0x00000000023F0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/5040-151-0x0000000000E00000-0x0000000000E30000-memory.dmp

    Filesize

    192KB

    Download

  • memory/5048-155-0x0000000000780000-0x00000000007B0000-memory.dmp

    Filesize

    192KB

    Download

  • memory/5048-150-0x0000000000780000-0x00000000007B0000-memory.dmp

    Filesize

    192KB

    Download