Overview

overview

8

Static

static

8

rufus-3.16.exe

windows7-x64

8

rufus-3.16.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    245s
  • max time network
    248s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-es
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-eslocale:es-esos:windows10-2004-x64systemwindows
  • submitted
    03-01-2023 19:26

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    rufus-3.16.exe

  • Size

    1.1MB

  • MD5

    cd0bf68624ed7b1fb3be5aac4c610c16

  • SHA1

    ee16f346961ffb8093ea7b6e0821a1ee8fd226aa

  • SHA256

    00a0e0356a707a259b7605b292e51d081452ab4e2d5eb5ab7da1f10b0794c62f

  • SHA512

    f35edb5612702b5353a905a7ba53a058c08025dfd14f279944712c6963714409a0bb3494407f9348513556ab907a38b9ec2e8d756bcc985925a422c80f0c56af

  • SSDEEP

    24576:F+rBgnukuBjh4rVfUY0TEoaLR4ISvSOeiSY4U+0CcvW8RPM9XL:cx6VV3mcyNdWR

Score
8/10
evasiontrojanupx

Malware Config

Signatures

  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\rufus-3.16.exe
    "C:\Users\Admin\AppData\Local\Temp\rufus-3.16.exe"
    1⤵
    • Checks whether UAC is enabled
    • Drops file in System32 directory
    • Suspicious use of AdjustPrivilegeToken
    PID:5032
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
      PID:4256
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
        PID:2364
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
        1⤵
          PID:968
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s fhsvc
          1⤵
            PID:1160
          • C:\Windows\System32\vds.exe
            C:\Windows\System32\vds.exe
            1⤵
              PID:4300

            Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • memory/5032-132-0x0000000000630000-0x000000000098A000-memory.dmp

              Filesize

              3.4MB

              Download

            • memory/5032-133-0x0000000000630000-0x000000000098A000-memory.dmp

              Filesize

              3.4MB

              Download