Overview

overview

7

Static

static

3

MEMZ.exe

windows7-x64

6

MEMZ.exe

windows10-2004-x64

7

Resubmissions

05/05/2023, 12:47

230505-pz63waaf24 7

04/05/2023, 21:52

230504-1q4f6sfd43 8

04/05/2023, 20:56

230504-zrfwtsha3v 7

04/05/2023, 20:51

230504-znmvzagh9t 7

Analysis

  • max time kernel
    150s
  • max time network
    147s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2023, 12:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    MEMZ.exe

  • Size

    16KB

  • MD5

    1d5ad9c8d3fee874d0feb8bfac220a11

  • SHA1

    ca6d3f7e6c784155f664a9179ca64e4034df9595

  • SHA256

    3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

  • SHA512

    c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

  • SSDEEP

    192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score
6/10
bootkitpersistence

Malware Config

Signatures

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
    "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1408
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1696
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1072
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1548
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1536
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:1108
    • C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
      "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
      2⤵
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of WriteProcessMemory
      PID:1528
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:860
        • C:\Program Files\Internet Explorer\iexplore.exe
          "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=minecraft+hax+download+no+virus
          3⤵
          • Modifies Internet Explorer settings
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1924
          • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1924 CREDAT:275457 /prefetch:2
            4⤵
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1648
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x1c0
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:688

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      62KB

      MD5

      3ac860860707baaf32469fa7cc7c0192

      SHA1

      c33c2acdaba0e6fa41fd2f00f186804722477639

      SHA256

      d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904

      SHA512

      d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
      Filesize

      62KB

      MD5

      b5fcc55cffd66f38d548e8b63206c5e6

      SHA1

      79db08ababfa33a4f644fa8fe337195b5aba44c7

      SHA256

      7730df1165195dd5bb6b40d6e519b4ce07aceb03601a77bca6535d31698d4ca1

      SHA512

      aaa17175e90dbca04f0fa753084731313e70119fef7d408b41ff4170116ab24eaee0bd05dca2cc43464b1ee920819e5ce6f6e750d97e3c4fc605f01e7ff9c649

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      091f82c211f620a3faa14ff0393d3ede

      SHA1

      fb3d9f12d6970e84bf0d66803c0bc93ec9ec71c9

      SHA256

      80a99cdad37088516484447bc7c7bfad643321995b42bce3db2d856cd79228f5

      SHA512

      94a54f0f608421ab8fefeaea57559e29a354cfd2cd6b92acceac3a4cfa14c6179a49d52e210212bc3e6d8bef6b08dacf5594f32cec37ba926405d0d9c87ded39

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      4236c8d5f5218e1d63937dbad25a1f23

      SHA1

      646dbbb03d1f066bdc458a5f7197af3631a19d39

      SHA256

      a07b0fa5b30939af39cdf760ff58816d82d774acab53b4444d80415db17a4ca7

      SHA512

      43b90a47b12497a599f7f284d901d1ad860a871f8dab027efe785f014dfc81a78eb336e6755fe3721ffd983dd11f23e1e29da24f28d17af4212c6e1f6f8f8a0f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      e1eec91e97cf1021067ee2be1648b829

      SHA1

      9d65bfa6374d23b6c3640c49dc81ba67e9c5daaa

      SHA256

      ff46c62060c19769e1326832fd143d6ec5998173ea4b28e839da053310e750b1

      SHA512

      543d4593da86a0b15ec79ed5c9a41dd319cbe5786646d7033c44daa7af70e727e48b5bbe0d70eb9d743e9ca8ec79c2419a40587d16cf193d3ac701ecfa383842

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c31d964231101c7cc22bbd1c4b6d8be9

      SHA1

      ee48e85eb884a0ff1a0406b05ba8943f5c4f0177

      SHA256

      d75ba94354f3e864bf834bf963a8ba72dd16fbd2ce6474a24b057a508cd87c4c

      SHA512

      d74aa82dc519fd66cb3a7262b1c4cb0842fb5c7d2f49a1f9d8863fa64f3dd778699c8a534d9e557371d7da11572339c11ccaa7c7077b02a2fd9556c9ede6d36f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      ec003a504bb88fb8ea9f43c14c6628cf

      SHA1

      c9bddba45a919251c1b30b09a4e1f679f8fdd4f9

      SHA256

      6e23115831f72adc9e65794bea6a9891541b9d88a98b97b0818068c3d4915554

      SHA512

      f4e76b8d59bd77e7a03aabda947fdba7e1321c9e4e275fdbb8e7a615060de526af71ab34819c5a96059a7fc667049e573cedad138ce771c7ae16308fd7d25b4a

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      89ab39ef7acf632c6f771c1b397de019

      SHA1

      23e18c73a57a6a8251cf03595536d61e8f6ba91d

      SHA256

      f60fc7dd5d0a9a55b01a4ecbdae868523f812e3cf497cafec27afdb6ff6aaad7

      SHA512

      811e716acb2e74b3a150451bcbe26d36eda6671e99f51b294659f415d138a82de2d0a28051258b997eedaa5cd635ec8497b975c24b9bd0b3459fd02bf775693f

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      c7074c3ce3bb39931690e3d227194d40

      SHA1

      26f133b023af1e14602489b26fb69905047fd023

      SHA256

      9ec01b688bd6dd1782edcc73671d409b9dde60777f1aaf1e8e6ded48252b8c1a

      SHA512

      d8117bc70a659bf02e3493f122cac5cda8de2897cc48af0375056949cf00044263d2c929ad55214cacb398a4405164628f9234dcf9ff23af8af60e1f4d0b636c

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      344B

      MD5

      945dff21c52a4e9ff43c9728d1bbcfdf

      SHA1

      815e5aac3c16613936cd4ea61acd27bb756877d0

      SHA256

      509230f05cc40244b8d48ee378f8440f4cea781655d1008eba341e6939c29d12

      SHA512

      5518d4ac37fd7ca2b95719589c94522b73d22cdee6da903e3b6792830b975b578a57058c8fdabfbf26e95b981a3dd0650352067d8c9269c5ba00ad001ae585bf

      Download Submit

    • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
      Filesize

      342B

      MD5

      a18b58d3b926bf512baf6e56acee8682

      SHA1

      869db0079e17c789ed536b8fa903d5febf80db0f

      SHA256

      d8bb6d5a484ba5018505d1ba0e24d94df39e9c37ab1adc8def89b8fe0f8c5c23

      SHA512

      8f9a078250cb5a819d15ab80e53b3ad68aaaeaa44e215a7e04f992368b2f0cc809801534f00505e09fcd2081a92f0dafb7f4f4922abbb1bd2c9e82c0e729fc7f

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\p734dsx\imagestore.dat
      Filesize

      9KB

      MD5

      36f92cbe1f807b770767cfcc9864c653

      SHA1

      c8ce28f32b81c51ec1a6719a394da2923b1497e6

      SHA256

      f66a5f552efd2e610e8f489bc1b273f29bb40573ecb1368f3b5b0db78f2d5d7a

      SHA512

      ae8590d4ec0a0d1c901d84e93db747e6288e09fc8666c390a6e54803a4c5c140c5fda769edbc572f82c9cfa44010c94eed934f51b8665785e50565159ca35801

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9ONXID7T\favicon[2].ico
      Filesize

      5KB

      MD5

      f3418a443e7d841097c714d69ec4bcb8

      SHA1

      49263695f6b0cdd72f45cf1b775e660fdc36c606

      SHA256

      6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

      SHA512

      82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE9Y0H7M\suggestions[1].en-US
      Filesize

      17KB

      MD5

      5a34cb996293fde2cb7a4ac89587393a

      SHA1

      3c96c993500690d1a77873cd62bc639b3a10653f

      SHA256

      c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

      SHA512

      e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\CabF165.tmp
      Filesize

      61KB

      MD5

      fc4666cbca561e864e7fdf883a9e6661

      SHA1

      2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

      SHA256

      10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

      SHA512

      c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\TarF154.tmp
      Filesize

      161KB

      MD5

      73b4b714b42fc9a6aaefd0ae59adb009

      SHA1

      efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

      SHA256

      c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

      SHA512

      73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KJKF6DKX.txt
      Filesize

      604B

      MD5

      70d79961bd85148af427aaf6414f8575

      SHA1

      8c67a2b8e8b41ffce2dfcaa8a0fee0c6914c2d98

      SHA256

      d0d9870af7e63e0029bab3abbff23f2222c45cd0c892751ba3a85008a39b89c2

      SHA512

      3e5f305bcdb9f53da83d699d10d14730b21eabc52123f88ce88e2c54731616d335b01dd33989e86a866979a6d5a109aa140a7000e4e7a4225af066a68048ac30

      Download Submit

    • C:\note.txt
      Filesize

      218B

      MD5

      afa6955439b8d516721231029fb9ca1b

      SHA1

      087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

      SHA256

      8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

      SHA512

      5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

      Download Submit