Overview

overview

10

Static

static

3

cbf3f4ad9a...8a.exe

windows7-x64

10

cbf3f4ad9a...8a.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    148s
  • max time network
    169s
  • platform
    windows7_x64
  • resource
    win7-20230220-en
  • resource tags

    arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
  • submitted
    05/05/2023, 19:37

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    cbf3f4ad9aa4c04a807f0d5354e387657cdc4cb5fe834b76e4f7aed79f48668a.exe

  • Size

    707KB

  • MD5

    be984f5a48f5d1a41d0642589ce66a74

  • SHA1

    adce4929ec3feb33d98577c22f8fb7e640a69115

  • SHA256

    cbf3f4ad9aa4c04a807f0d5354e387657cdc4cb5fe834b76e4f7aed79f48668a

  • SHA512

    f8a0e5725d0ebc720f0f867857f0e7fff10e410a9822a75ebee193e74f494341a32b40925cafa2273586591c2f58804982ec2b51d6be8c5ea0c1801b4f8f90ad

  • SSDEEP

    12288:oy90RN1qsMOdo1MNFFaaPlcZgbTgQ/TTdnRUmJiSxAJmTfctYS4GQ:oyO1qsx0MRf9cZgbTLhRx92tYOQ

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 8 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 21 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\cbf3f4ad9aa4c04a807f0d5354e387657cdc4cb5fe834b76e4f7aed79f48668a.exe
    "C:\Users\Admin\AppData\Local\Temp\cbf3f4ad9aa4c04a807f0d5354e387657cdc4cb5fe834b76e4f7aed79f48668a.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:912
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Loads dropped DLL
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:576
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of AdjustPrivilegeToken
        PID:1752

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
    Filesize

    553KB

    MD5

    0bb9522c5c378737556d286e7df4778b

    SHA1

    02ac5517766abac08c06209d5db58ebfaf0ef950

    SHA256

    f6b1bd64207786c36be158098b1bf2bc31a95c8b3e514ef1f40fa404408ef536

    SHA512

    0be6de8fa40f88b1b9e9ab56e9153b7d6a09833b1769e601c8e6b5443981e42591e5aad37b9cef67e60f2c93570446a071d672d7cb14b71a13ffeef690e27b63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
    Filesize

    553KB

    MD5

    0bb9522c5c378737556d286e7df4778b

    SHA1

    02ac5517766abac08c06209d5db58ebfaf0ef950

    SHA256

    f6b1bd64207786c36be158098b1bf2bc31a95c8b3e514ef1f40fa404408ef536

    SHA512

    0be6de8fa40f88b1b9e9ab56e9153b7d6a09833b1769e601c8e6b5443981e42591e5aad37b9cef67e60f2c93570446a071d672d7cb14b71a13ffeef690e27b63

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
    Filesize

    553KB

    MD5

    0bb9522c5c378737556d286e7df4778b

    SHA1

    02ac5517766abac08c06209d5db58ebfaf0ef950

    SHA256

    f6b1bd64207786c36be158098b1bf2bc31a95c8b3e514ef1f40fa404408ef536

    SHA512

    0be6de8fa40f88b1b9e9ab56e9153b7d6a09833b1769e601c8e6b5443981e42591e5aad37b9cef67e60f2c93570446a071d672d7cb14b71a13ffeef690e27b63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP000.TMP\un233350.exe
    Filesize

    553KB

    MD5

    0bb9522c5c378737556d286e7df4778b

    SHA1

    02ac5517766abac08c06209d5db58ebfaf0ef950

    SHA256

    f6b1bd64207786c36be158098b1bf2bc31a95c8b3e514ef1f40fa404408ef536

    SHA512

    0be6de8fa40f88b1b9e9ab56e9153b7d6a09833b1769e601c8e6b5443981e42591e5aad37b9cef67e60f2c93570446a071d672d7cb14b71a13ffeef690e27b63

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\14336960.exe
    Filesize

    258KB

    MD5

    8ff41f40c7c8b23d5dd0ecb9a888a48c

    SHA1

    c28f0da22bbee700d4b5e23c123e1935a7b52b68

    SHA256

    eec0a44ea91176c893226eda20dd643afc88cd9d08406f206191bfdb71f36714

    SHA512

    f673555d4ecd11662e26912114f70dd4b90012b6d51e6130a13607106b63ca044ca23daf51221db49072d7ba5e5bf9bf3cdac85a25b801cce4f867709889eabe

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • \Users\Admin\AppData\Local\Temp\IXP001.TMP\rk579539.exe
    Filesize

    353KB

    MD5

    71a3bff7c6570a9d5003296521bc993b

    SHA1

    a11b67ef1aa624797c57b9b5b16f044658a849a0

    SHA256

    111a9e80a575667842d690bd56dae1b8e76d7cc37855722f229d26d6db154cbf

    SHA512

    869447569cf1ae863645d44c83660003f851b2388f0e58eda861f49b4ee3d172f32536a0bfb077f802915ae47c43a10730ca03b4e17d938714f75190c2474f13

    Download Submit

  • memory/576-111-0x0000000000400000-0x0000000002B9B000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/576-89-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-91-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-95-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-93-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-99-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-97-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-103-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-101-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-107-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-105-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-108-0x0000000000240000-0x000000000026D000-memory.dmp

    Filesize

    180KB

    Download

  • memory/576-109-0x0000000007170000-0x00000000071B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/576-110-0x0000000007170000-0x00000000071B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/576-87-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-112-0x0000000007170000-0x00000000071B0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/576-114-0x0000000000400000-0x0000000002B9B000-memory.dmp

    Filesize

    39.6MB

    Download

  • memory/576-81-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-83-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-85-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-80-0x0000000002F80000-0x0000000002F93000-memory.dmp

    Filesize

    76KB

    Download

  • memory/576-79-0x0000000002F80000-0x0000000002F98000-memory.dmp

    Filesize

    96KB

    Download

  • memory/576-78-0x00000000003E0000-0x00000000003FA000-memory.dmp

    Filesize

    104KB

    Download

  • memory/1752-125-0x0000000004750000-0x000000000478C000-memory.dmp

    Filesize

    240KB

    Download

  • memory/1752-126-0x0000000004840000-0x000000000487A000-memory.dmp

    Filesize

    232KB

    Download

  • memory/1752-128-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-130-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-127-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-136-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-134-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-132-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-138-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-140-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-142-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-144-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-150-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-152-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-148-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-146-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-154-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-156-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-158-0x0000000004840000-0x0000000004875000-memory.dmp

    Filesize

    212KB

    Download

  • memory/1752-163-0x0000000000270000-0x00000000002B6000-memory.dmp

    Filesize

    280KB

    Download

  • memory/1752-165-0x0000000007260000-0x00000000072A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1752-922-0x0000000007260000-0x00000000072A0000-memory.dmp

    Filesize

    256KB

    Download

  • memory/1752-925-0x0000000007260000-0x00000000072A0000-memory.dmp

    Filesize

    256KB

    Download