Overview

Sandbox report for a submission of five files under unpacme/ (one static task and ten behavioral tasks, each sample run once on Windows 7 x64 and once on Windows 10 2004 x64). Overall score: 10.

Static task (static1): score 10

Behavioral tasks and scores:

Task          Sample                          Platform            Resource                Score
behavioral1   unpacme/Bllfgyszs.exe           windows7-x64        win7-20220812-en        10
behavioral2   unpacme/Bllfgyszs.exe           windows10-2004-x64  win10v2004-20220812-en  10
behavioral3   unpacme/Newtonsoft.Json.dll     windows7-x64        win7-20220901-en        1
behavioral4   unpacme/Newtonsoft.Json.dll     windows10-2004-x64  win10v2004-20220812-en  1
behavioral5   unpacme/Xgibxdxqilgiamhhnb.dll  windows7-x64        win7-20221111-en        1
behavioral6   unpacme/Xgibxdxqilgiamhhnb.dll  windows10-2004-x64  win10v2004-20221111-en  1
behavioral7   unpacme/_.dll                   windows7-x64        win7-20220812-en        1
behavioral8   unpacme/_.dll                   windows10-2004-x64  win10v2004-20221111-en  1
behavioral9   unpacme/test.exe                windows7-x64        win7-20220901-en        6
behavioral10  unpacme/test.exe                windows10-2004-x64  win10v2004-20221111-en  6

The overall score of 10 comes from the two Bllfgyszs.exe tasks; test.exe scored 6 on both platforms and the three DLLs scored 1. A score of 1 for a DLL executed on its own is weak evidence either way: the sandbox has to pick an entry point for a library, and a component may only do anything of interest when loaded by its intended host process, so the DLL results should be read together with the executable tasks rather than as a clean bill of health.

Analysis

The details below are for the selected task, behavioral10 (unpacme/test.exe on windows10-2004-x64), as the platform, resource and target fields show.

Max time kernel:   124s
Max time network:  151s
Platform:          windows10-2004_x64
Resource:          win10v2004-20221111-en
Resource tags:     arch:x64, arch:x86, image:win10v2004-20221111-en, locale:en-us, os:windows10-2004-x64, system
Submitted:         05-01-2023 00:49
General

Target:  unpacme/test.exe
Size:    638KB
MD5:     bcf49744ba4944dc810f4185ab8a9d50
SHA1:    cf32e495575bee1e9382f7e4ac34674b9aec47b4
SHA256:  ad313baf55b55cd37d1d7dc6db9a8d60783b77d187430c043b1e2fcf4ae6b064
SHA512:  9307abb61485930e6008e930f71a6472ff2041202213edc580c6a06825d2d76519d0fa82e4250478dcfd12867ddbd9ca9e8c6fd553b0887e3fdd0e61cc7b988f
SSDEEP:  12288:ksqQ30A60bBykAY/qmsz1TNetLiWMVbem8LPF:ksQwz/qm4N4LLx9
Malware Config

(empty: no extracted configuration is shown for this task)

Signatures

Legitimate hosting services abused for malware hosting/C2 (1 TTP)
The report raises this signature for test.exe, but this page shows no hostname, URL or IP behind it. Pull the network capture for behavioral10 before turning it into an indicator; a hit on a shared hosting or CDN domain is not usable as a blocklist entry on its own.

Suspicious use of AdjustPrivilegeToken (1 IoC)

Description              PID   Process
Token: SeDebugPrivilege  2644  test.exe

test.exe (PID 2644) called AdjustTokenPrivileges to enable SeDebugPrivilege in its own token. That privilege bypasses the discretionary access checks on process and thread objects, so the holder can open handles to processes it does not own, including SYSTEM processes such as lsass.exe. It is the usual prerequisite for process injection and credential dumping, but it is also enabled by legitimate debuggers and by a number of Windows services, so the observation is only meaningful together with the process identity (here an unsigned test.exe run from a user directory) and what the process did with the handle afterwards.
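The SeDebugPrivilege hit above is the kind of event a host-based detection can pick up from Windows Security event 4703 ("A user right was adjusted"), which is emitted when the Detailed Tracking subcategory "Token Right Adjusted Events" is audited. The script below is an added example, not part of the sandbox report or of any vendor's tooling: it walks 4703 records exported as JSON, keeps those whose EnabledPrivilegeList names a sensitive privilege, drops images on a per-estate allowlist, and returns the rest. The four records, the allowlist contents and the field names in the dictionaries are constructed for this example; the PID 0xa54 is 2644, mirroring the sandbox's test.exe entry.

```python
"""Flag processes that enable SeDebugPrivilege (and a few peers) from Windows
Security event 4703 records.

Added example, not part of the sandbox report.  Assumes the events were
exported to JSON keeping the EventData field names Windows uses
(ProcessName, ProcessId, EnabledPrivilegeList, SubjectUserName).
"""
from dataclasses import dataclass

# Images that routinely enable SeDebugPrivilege on a healthy host.  This set is
# an assumption for the example, not an authoritative list; tune it per estate.
ALLOWLIST = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\services.exe",
    r"c:\windows\system32\lsass.exe",
    r"c:\windows\system32\wininit.exe",
}

# Privileges worth alerting on when enabled by an unexpected image.
WATCHED = {"SeDebugPrivilege", "SeTcbPrivilege", "SeLoadDriverPrivilege"}


@dataclass(frozen=True)
class Hit:
    pid: int
    process: str
    user: str
    privileges: tuple


def parse_pid(value) -> int:
    """4703 records ProcessId as a hex string such as '0xa54'; some exporters
    already convert it to an int, so accept both."""
    if isinstance(value, int):
        return value
    text = str(value).strip()
    return int(text, 16) if text.lower().startswith("0x") else int(text)


def split_privileges(field: str) -> set:
    """EnabledPrivilegeList is one string with privileges separated by
    newlines/tabs; Windows writes '-' when the list is empty."""
    return {p for p in field.split() if p != "-"}


def find_hits(records) -> list:
    """Return one Hit per 4703 event that enabled a watched privilege from an
    image not on the allowlist."""
    hits = []
    for rec in records:
        if str(rec.get("EventID")) != "4703":
            continue  # not a token-right adjustment
        enabled = split_privileges(rec.get("EnabledPrivilegeList", "-")) & WATCHED
        if not enabled:
            continue  # only disables, or privileges we do not care about
        image = rec.get("ProcessName", "")
        if image.lower() in ALLOWLIST:
            continue
        hits.append(Hit(
            pid=parse_pid(rec.get("ProcessId", "0x0")),
            process=image,
            user=rec.get("SubjectUserName", "?"),
            privileges=tuple(sorted(enabled)),
        ))
    return hits


# Constructed sample events (not real logs).  Record 2 mirrors the sandbox
# observation: test.exe, PID 0xa54 (2644), enabling SeDebugPrivilege.
SAMPLE_EVENTS = [
    {"EventID": 4703, "SubjectUserName": "SYSTEM",
     "ProcessName": r"C:\Windows\System32\svchost.exe", "ProcessId": "0x3c4",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "SubjectUserName": "admin",
     "ProcessName": r"C:\Users\admin\Desktop\test.exe", "ProcessId": "0xa54",
     "EnabledPrivilegeList": "SeDebugPrivilege", "DisabledPrivilegeList": "-"},
    {"EventID": 4703, "SubjectUserName": "admin",
     "ProcessName": r"C:\Users\admin\Desktop\test.exe", "ProcessId": "0xa54",
     "EnabledPrivilegeList": "-", "DisabledPrivilegeList": "SeDebugPrivilege"},
    {"EventID": 4688, "SubjectUserName": "admin",
     "ProcessName": r"C:\Windows\System32\cmd.exe", "ProcessId": "0x1f0"},
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_EVENTS):
        print(f"pid={hit.pid} user={hit.user} image={hit.process} "
              f"enabled={','.join(hit.privileges)}")
```

Two practical notes. Event 4703 is only generated when "Token Right Adjusted Events" auditing is enabled, and on a busy host it is high-volume because svchost.exe and other services adjust their tokens constantly, so the allowlist is doing real work here rather than being decoration. Also, a privilege being enabled does not tell you it was used: pair a hit like the one above with the process's subsequent handle opens (for example a 4656/4663 on lsass.exe, or a Sysmon event 10 ProcessAccess) before escalating it.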