5522b7cbad20af72d44fd55f347465bc63a09ff7373b62482f2a4b270e0c73cd

Analysis

max time kernel
94s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31-03-2023 19:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Adobe Flash 31 Windows/flashplayer31_0r0_153_winpep.exe
Size

20.1MB
MD5

76f9255715efdbfb829bd0e22bc3406a
SHA1

321eb7717526ac36b0e5fc234a9284405af5b004
SHA256

378e7459c409fdba0c9a2ee4afc059ef03981fd857e4fb9028b95bef7c206dab
SHA512

674c9b7134ddfd5b114c72723511d2421de73d13c6bd301a0f4a7dfc5a8a37ac5486cc066a73168d30f5bb4557d794792db93f75dcb4b2797f01306f9b65dc10
SSDEEP

393216:bo0VBwUn2kZ7P/7Eu2vPsHz5BomtJZh4eh:80MzkZDzEuak5BNlp

Score

7^/10

evasion trojan

Malware Config

Signatures

Loads dropped DLL 3 IoCs

Processes:

flashplayer31_0r0_153_winpep.exe

pid process

2700 flashplayer31_0r0_153_winpep.exe
2700 flashplayer31_0r0_153_winpep.exe
2700 flashplayer31_0r0_153_winpep.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

flashplayer31_0r0_153_winpep.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	flashplayer31_0r0_153_winpep.exe

Drops file in System32 directory 2 IoCs

Processes:

flashplayer31_0r0_153_winpep.exe

description	ioc	process
File created	C:\Windows\SysWOW64\Macromed\Temp\{C8421A6C-99AB-49FE-9DFA-B85DF1E1E57F}\fpb.tmp	flashplayer31_0r0_153_winpep.exe
File created	C:\Windows\SysWOW64\Macromed\Temp\{2248B534-7707-4A99-8669-FEA8D7C2718E}\fpb.tmp	flashplayer31_0r0_153_winpep.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

flashplayer31_0r0_153_winpep.exe

pid	process
2700	flashplayer31_0r0_153_winpep.exe
2700	flashplayer31_0r0_153_winpep.exe
2700	flashplayer31_0r0_153_winpep.exe
2700	flashplayer31_0r0_153_winpep.exe
2700	flashplayer31_0r0_153_winpep.exe
2700	flashplayer31_0r0_153_winpep.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

flashplayer31_0r0_153_winpep.exe

pid process

2700 flashplayer31_0r0_153_winpep.exe

C:\Users\Admin\AppData\Local\Temp\Adobe Flash 31 Windows\flashplayer31_0r0_153_winpep.exe
"C:\Users\Admin\AppData\Local\Temp\Adobe Flash 31 Windows\flashplayer31_0r0_153_winpep.exe"
1⤵
- Loads dropped DLL
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2700

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\Macromed\Temp\{2248B534-7707-4A99-8669-FEA8D7C2718E}\fpb.tmp
Filesize
577KB

MD5
bb013a71fae47bc5a10cade4bd1594aa

SHA1
a39267a670c4bd06110b67246a64e5b8e2b94a3a

SHA256
cdd9e30cf67aed28e98377b32e9e5cb576cae62d242ec702fdbbd55a608c28cf

SHA512
55e3cc16dc34ac27985648c26526ead365d582287af56810859a98e3d8c13bdd505eb6a94855a19a232cda29de0ef65d6e9c0299a793512f6b9e27ffc8a0a7c6

Download Submit
C:\Windows\SysWOW64\Macromed\Temp\{C8421A6C-99AB-49FE-9DFA-B85DF1E1E57F}\fpb.tmp
Filesize
1.4MB

MD5
a3179983f08f56ee59690fa91a89762d

SHA1
7013c2f529e571e3a22ce1c8c87def09151b0fc5

SHA256
b159c6418c990229fa4a3edde46584457a726fa2d49961fb38e4cafc8bd1db9c

SHA512
548894b435ae3f097a319f59c688945e9d82ab22ecddfd22a7295600eae99caf2e91f9d71f51861b14d7843f29f6a8e06e1a474ab80d97661815decc8312b5a8

Download Submit
C:\Windows\SysWOW64\Macromed\Temp\{C8421A6C-99AB-49FE-9DFA-B85DF1E1E57F}\fpb.tmp
Filesize
1.4MB

MD5
a3179983f08f56ee59690fa91a89762d

SHA1
7013c2f529e571e3a22ce1c8c87def09151b0fc5

SHA256
b159c6418c990229fa4a3edde46584457a726fa2d49961fb38e4cafc8bd1db9c

SHA512
548894b435ae3f097a319f59c688945e9d82ab22ecddfd22a7295600eae99caf2e91f9d71f51861b14d7843f29f6a8e06e1a474ab80d97661815decc8312b5a8

Download Submit