Analysis
max time kernel: 144s
max time network: 150s
platform: windows7_x64
resource: win7-20230220-en
resource tags: arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
submitted: 01-03-2023 09:11
Static task: static1
Behavioral task: behavioral1
Sample: dumped.exe
Resource: win7-20230220-en (windows7-x64)
3 signatures, 150 seconds
Behavioral task: behavioral2
Sample: dumped.exe
Resource: win10v2004-20230220-en (windows10-2004-x64)
3 signatures, 150 seconds
General
Target: dumped.exe
Size: 860KB
MD5: e16b13843a4dd08c6821dd2cf5c294bf
SHA1: c2fa411264141dbfc203af4c58e58be3c980597d
SHA256: 74f644570bfb9338824c6967401d64c4e8e2b078810102a6825e8849fd2d09a0
SHA512: d9c84199cc8ae50829d5310f3ee755b2fc1155783e5deeb4572d9630b4ec9d8e24254cc062fadb302abdd4ac529faa4e8e51cbcb7b6f800edc87eb2137ce6946
SSDEEP: 24576:GwF0biOMSAIPqabkHJOAIAzWMCkPYz4+l9IjlWe1u1M:Ge0uO544Me
Score: 10/10
Malware Config
Extracted
Family: systembc
C2: 210.16.67.250:3000
C2: 192.168.1.28:3000
Signatures
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes: dumped.exe

description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run | dumped.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-1283023626-844874658-3193756055-1000\Software\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\dumped.exe'\"" | dumped.exe
Suspicious behavior: EnumeratesProcesses (5 IoCs)
Processes: dumped.exe

pid | process
1448 | dumped.exe (5 events from the same process)
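The two actionable items in this report are the Run-key persistence entry (a hidden PowerShell launcher pointing at a file under the user's Temp directory) and the two extracted C2 endpoints. The script below is an added example, not part of the sandbox report or of any SystemBC tooling: it parses registry set-value events in the format printed above, flags autorun values that fit the pattern seen here, and classifies each C2 endpoint by whether its address is actually routable. The first event is the IoC from the report; the second event and the `OneDrive` value name are constructed for contrast.

```python
import ipaddress
import re

# Registry set-value events in the form the sandbox report prints them.
# The first line is the IoC listed in the report; the second is a constructed,
# benign autorun entry added for contrast (not from the report).
SAMPLE_EVENTS = [
    "Set value (str) "
    "\\REGISTRY\\USER\\S-1-5-21-1283023626-844874658-3193756055-1000"
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\socks5 = "
    "\"powershell.exe -windowstyle hidden -Command "
    "\\\"& 'C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Temp\\\\dumped.exe'\\\"\"",
    "Set value (str) "
    "\\REGISTRY\\USER\\S-1-5-21-1283023626-844874658-3193756055-1000"
    "\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive = "
    "\"C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Microsoft\\\\OneDrive\\\\OneDrive.exe /background\"",
]

# C2 endpoints exactly as extracted in the report.
C2_ENDPOINTS = ["210.16.67.250:3000", "192.168.1.28:3000"]

EVENT_RE = re.compile(
    r'^Set value \((?P<type>\w+)\) (?P<key>\\REGISTRY\\\S+) = "(?P<data>.*)"$'
)
AUTORUN_KEYS = ("run", "runonce")
HIDDEN_WINDOW = re.compile(r"-w(?:indowstyle)?\s+hidden", re.IGNORECASE)
INLINE_COMMAND = re.compile(r"-(?:c|command|e|enc|encodedcommand)\b", re.IGNORECASE)
# Directories a standard user can write to; a persistent launcher pointing here
# is the pattern this sample shows (AppData\Local\Temp).
USER_WRITABLE = re.compile(r"\\appdata\\local\\temp\\|\\appdata\\roaming\\|\\temp\\", re.IGNORECASE)


def parse_event(line):
    """Split one 'Set value' line into key path components, value name and data."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    parts = m.group("key").split("\\")  # leading backslash yields an empty first part
    return {
        "type": m.group("type"),
        "path": parts[1:-1],
        "value_name": parts[-1],
        "data": m.group("data"),
    }


def is_autorun_key(path):
    """True for ...\\Software\\Microsoft\\Windows\\CurrentVersion\\Run or RunOnce."""
    lowered = [p.lower() for p in path]
    return (
        len(lowered) >= 5
        and lowered[-5:-1] == ["software", "microsoft", "windows", "currentversion"]
        and lowered[-1] in AUTORUN_KEYS
    )


def find_run_key_persistence(events):
    """Return autorun values whose command line looks like a hidden script launcher."""
    findings = []
    for line in events:
        ev = parse_event(line)
        if ev is None or not is_autorun_key(ev["path"]):
            continue
        # The report escapes quotes and backslashes inside the value; undo that
        # so path and flag matching works on the real command line.
        cmd = ev["data"].replace('\\"', '"').replace("\\\\", "\\")
        reasons = []
        if "powershell" in cmd.lower():
            reasons.append("powershell_launcher")
            if HIDDEN_WINDOW.search(cmd):
                reasons.append("hidden_window")
            if INLINE_COMMAND.search(cmd):
                reasons.append("inline_command")
        if USER_WRITABLE.search(cmd):
            reasons.append("temp_path")
        if reasons:
            findings.append({"value_name": ev["value_name"], "command": cmd, "reasons": reasons})
    return findings


def classify_c2(endpoint):
    """Split host:port and report whether the host is globally routable or RFC 1918 private."""
    host, port = endpoint.rsplit(":", 1)
    addr = ipaddress.ip_address(host)
    return {"host": host, "port": int(port), "routable": addr.is_global, "private": addr.is_private}


if __name__ == "__main__":
    for f in find_run_key_persistence(SAMPLE_EVENTS):
        print(f"Run value {f['value_name']!r}: {', '.join(f['reasons'])}")
    for ep in C2_ENDPOINTS:
        print(classify_c2(ep))
```

Only the `socks5` value is flagged, on all four criteria; the constructed OneDrive entry is left alone because it neither invokes PowerShell nor lives in a temp directory. The classification step matters for the C2 list: 192.168.1.28 is an RFC 1918 private address and is unreachable from the internet, so it belongs in host-based hunting for the sample, not on a perimeter blocklist, while 210.16.67.250:3000 is the endpoint worth blocking and alerting on.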