Analysis
- max time kernel: 110s
- max time network: 149s
- platform: windows10-2004_x64
- resource: win10v2004-20220901-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20220901-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 29-12-2022 12:10
Behavioral task: behavioral1
- Sample: c9702d33d65b6b24d32170f461240217.exe
- Resource: win7-20220812-en
General
- Target: c9702d33d65b6b24d32170f461240217.exe
- Size: 214KB
- MD5: c9702d33d65b6b24d32170f461240217
- SHA1: aacac19e5153e82e046b07e0c51b039e59bb4f66
- SHA256: 9155fa1ea8c37176f6d3fc2438ac6217a4ca28ce279b510e9e7c1a89eb0f9800
- SHA512: e333a10e7015b978d8c74c7fad5beeaccbcc7e717aa06232f4729d81bc5973e0d72f6d067e5ffc2323ec849b58e1db95005923f37fe0c85fae9f13d54a6e262e
- SSDEEP: 6144:Ig72OD+LbR4/R/yIoqy9r0wUXXCU/M7dvaUQ/Hw14fZNw:j6Oo5Jr0wU9/oo/GMZi
Malware Config
Extracted: systembc
- scserv1.info:4077
- scserv2.info:4077
Signatures
- Executes dropped EXE (2 IoCs)
  Processes: suiui.exe, suiui.exe
  pid   process
  224   suiui.exe
  4360  suiui.exe
- Drops file in Windows directory (2 IoCs)
  Processes: c9702d33d65b6b24d32170f461240217.exe
  description                   ioc                         process
  File created                  C:\Windows\Tasks\suiui.job  c9702d33d65b6b24d32170f461240217.exe
  File opened for modification  C:\Windows\Tasks\suiui.job  c9702d33d65b6b24d32170f461240217.exe
- Suspicious behavior: EnumeratesProcesses (2 IoCs)
  Processes: c9702d33d65b6b24d32170f461240217.exe
  pid   process
  3224  c9702d33d65b6b24d32170f461240217.exe
  3224  c9702d33d65b6b24d32170f461240217.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\c9702d33d65b6b24d32170f461240217.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\c9702d33d65b6b24d32170f461240217.exe"
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
- C:\ProgramData\buqrmh\suiui.exe
  Command line: C:\ProgramData\buqrmh\suiui.exe start2
  - Executes dropped EXE
- C:\ProgramData\buqrmh\suiui.exe
  Command line: C:\ProgramData\buqrmh\suiui.exe start2
  - Executes dropped EXE
Downloads
- C:\ProgramData\buqrmh\suiui.exe
  Filesize: 214KB
  MD5: c9702d33d65b6b24d32170f461240217
  SHA1: aacac19e5153e82e046b07e0c51b039e59bb4f66
  SHA256: 9155fa1ea8c37176f6d3fc2438ac6217a4ca28ce279b510e9e7c1a89eb0f9800
  SHA512: e333a10e7015b978d8c74c7fad5beeaccbcc7e717aa06232f4729d81bc5973e0d72f6d067e5ffc2323ec849b58e1db95005923f37fe0c85fae9f13d54a6e262e