Analysis

  • max time kernel
    30s
  • max time network
    33s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64, arch:x86, image:win7-20230220-en, locale:en-us, os:windows7-x64, system
  • submitted
    16/04/2023, 20:23

General

  • Target

    77f1b71ba4606e55a50c4c9112f98e4054a262954bbb9bfb864453f5d8253edf.exe

  • Size

    3.4MB

  • MD5

    b010c5dfc2c75507335869a54e63248c

  • SHA1

    ea687006c094ee290490c862ec007e19d9759751

  • SHA256

    77f1b71ba4606e55a50c4c9112f98e4054a262954bbb9bfb864453f5d8253edf

  • SHA512

    15d480a3c00be751e37a3ccdf1bd3477b37c7737602c0ea2105ec3aca54e2aaa2c4e583d0d62f35d6194cc22051a2645a42f73ec34b21cb0f6f14b3b3f6c02ec

  • SSDEEP

    49152:VCyC+IxkuiFlGBIkHPOokeW3rfoSD+s8KuqGaX0ToIBAUZLYGU/:FDGBIkv3k3rfz4JBAUZLI

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Kills process with taskkill 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 12 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77f1b71ba4606e55a50c4c9112f98e4054a262954bbb9bfb864453f5d8253edf.exe
    "C:\Users\Admin\AppData\Local\Temp\77f1b71ba4606e55a50c4c9112f98e4054a262954bbb9bfb864453f5d8253edf.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2032
    • C:\Windows\SysWOW64\cmd.exe
      cmd /c C:\Users\Admin\AppData\Local\Temp\temp.bat
      2⤵
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1464
      • C:\Windows\SysWOW64\taskkill.exe
        TASKKILL /F /PID 2032
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:800
      • C:\Users\Admin\AppData\Local\Temp\NSUDOLC.exe
        NSUDOLC /U:S /P:E C:\Users\Admin\AppData\Local\Temp\77f1b71ba4606e55a50c4c9112f98e4054a262954bbb9bfb864453f5d8253edf.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:836

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\NSUDOLC.exe

    Filesize

    99KB

    MD5

    0ac3e9d59309f599403ac51615bfe41b

    SHA1

    9041c5562558cb58ac98bd18de3c0ce370a59e1f

    SHA256

    6d5e116c2af78b5585602d91bca3a436a0350630fc7c08412c0cafe55199547c

    SHA512

    e5de92202f4d3ecaff8bd65c99cbbc98c2deaafafe1620be7169d0fed467bfa11ce727fa78f686166758ee3df0b040a2643dbd5a46ee74cc679e647ebdad6910

  • C:\Users\Admin\AppData\Local\Temp\temp.bat

    Filesize

    145B

    MD5

    509142f6b608ea7d1f6db2c85dbd15be

    SHA1

    1068667442c8c47117ea21c5824a62b46e93b43f

    SHA256

    5a0910a3bdf9b8737cd4b324b41991ccff6a8f9e8390f124c94c2324026f208c

    SHA512

    f41a96b97389c5b75343f204f41b13c3590e0ee2790ab2d8bfef6060f57c9bb6600478cfce2e6151284391d0a1fd3dd06ce2695e0bc478e960935b1398874091

  • \Users\Admin\AppData\Local\Temp\NSUDOLC.exe

    Filesize

    99KB

    MD5

    0ac3e9d59309f599403ac51615bfe41b

    SHA1

    9041c5562558cb58ac98bd18de3c0ce370a59e1f

    SHA256

    6d5e116c2af78b5585602d91bca3a436a0350630fc7c08412c0cafe55199547c

    SHA512

    e5de92202f4d3ecaff8bd65c99cbbc98c2deaafafe1620be7169d0fed467bfa11ce727fa78f686166758ee3df0b040a2643dbd5a46ee74cc679e647ebdad6910