Overview

overview

10

Static

static

3

05bb62bbaa...1e.exe

windows7-x64

10

05bb62bbaa...1e.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    243s
  • max time network
    281s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230221-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
  • submitted
    06/05/2023, 22:40

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05bb62bbaa282acf86235145f2598c708c06dd1cd5adbf230688296be6689b1e.exe

  • Size

    702KB

  • MD5

    009136149d2a77d34490ae96acf77a9f

  • SHA1

    9fe056389f88a5f1b7923a210521d4ff5ca63113

  • SHA256

    05bb62bbaa282acf86235145f2598c708c06dd1cd5adbf230688296be6689b1e

  • SHA512

    a9fc78f2931fdefdaec8efdbe122b2f949afbcaefb6492cd9e8fbf34e2f42b7087607cff663aeb5c831bb94befcd45e2e3219a2129bc783777e9ba6ecf4e622d

  • SSDEEP

    12288:sy901Ll5xHgC2eews+KBEk1kDJjIEPA92x/H9HXQbEZ0r7eaIiVSstVj:syyJeXBB18tLY92x/H9HAbPKqXv

Score
10/10
evasionpersistencetrojan

Malware Config

Signatures

  • Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs
    evasiontrojan
  • Executes dropped EXE 2 IoCs
  • Windows security modification 2 TTPs 2 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 6 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05bb62bbaa282acf86235145f2598c708c06dd1cd5adbf230688296be6689b1e.exe
    "C:\Users\Admin\AppData\Local\Temp\05bb62bbaa282acf86235145f2598c708c06dd1cd5adbf230688296be6689b1e.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:1104
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un842424.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un842424.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of WriteProcessMemory
      PID:4184
      • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pr532987.exe
        C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pr532987.exe
        3⤵
        • Modifies Windows Defender Real-time Protection settings
        • Executes dropped EXE
        • Windows security modification
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1960

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un842424.exe
          Filesize

          548KB

          MD5

          285b0b66f013b9fbdaad94d16557f499

          SHA1

          d04c84e238a46173ffb789468725511d0fdd600f

          SHA256

          5f5864a574e6e157a62e09d813610eede05c8bdee790060e53c29fbdfa7c38ae

          SHA512

          71f4438894c21a53003ad2164f5fd3a237f3167c1b65090572149dc5ef453fb97dd1d0c74301b3a3dce41993c82edc6e910da7cabe4679652f07fd9bf0bd2d90

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un842424.exe
          Filesize

          548KB

          MD5

          285b0b66f013b9fbdaad94d16557f499

          SHA1

          d04c84e238a46173ffb789468725511d0fdd600f

          SHA256

          5f5864a574e6e157a62e09d813610eede05c8bdee790060e53c29fbdfa7c38ae

          SHA512

          71f4438894c21a53003ad2164f5fd3a237f3167c1b65090572149dc5ef453fb97dd1d0c74301b3a3dce41993c82edc6e910da7cabe4679652f07fd9bf0bd2d90

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pr532987.exe
          Filesize

          278KB

          MD5

          631e45cffddbc4bde69f30a01d2fe053

          SHA1

          bd28628f772461c12fea699c7519885e0d167b83

          SHA256

          fe2808cb4f1599077cc6cc01d3bdccacd090902ea9cfe1d1f44e8ccd3e381587

          SHA512

          56425f27b3d740639116ebcb4e35dfb73e132e5acd7adb221624b03c4e61f670575bd87ba59f6fe45f3da1cbcfc0cd3ca5341610b98305826585f8f54383bf33

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\pr532987.exe
          Filesize

          278KB

          MD5

          631e45cffddbc4bde69f30a01d2fe053

          SHA1

          bd28628f772461c12fea699c7519885e0d167b83

          SHA256

          fe2808cb4f1599077cc6cc01d3bdccacd090902ea9cfe1d1f44e8ccd3e381587

          SHA512

          56425f27b3d740639116ebcb4e35dfb73e132e5acd7adb221624b03c4e61f670575bd87ba59f6fe45f3da1cbcfc0cd3ca5341610b98305826585f8f54383bf33

          Download Submit

        • memory/1960-148-0x0000000002C80000-0x0000000002CAD000-memory.dmp

          Filesize

          180KB

          Download

        • memory/1960-149-0x0000000000400000-0x0000000002BAF000-memory.dmp

          Filesize

          39.7MB

          Download

        • memory/1960-150-0x0000000002C80000-0x0000000002CAD000-memory.dmp

          Filesize

          180KB

          Download

        • memory/1960-151-0x0000000000400000-0x0000000002BAF000-memory.dmp

          Filesize

          39.7MB

          Download

        • memory/1960-152-0x0000000007390000-0x0000000007934000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/1960-153-0x0000000007380000-0x0000000007390000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1960-154-0x0000000007380000-0x0000000007390000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1960-155-0x0000000000400000-0x0000000002BAF000-memory.dmp

          Filesize

          39.7MB

          Download

        • memory/1960-156-0x0000000007380000-0x0000000007390000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1960-157-0x0000000007380000-0x0000000007390000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1960-163-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-162-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-165-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-167-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-169-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-171-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-173-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-175-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-177-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-179-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-181-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-183-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-185-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-187-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download

        • memory/1960-189-0x0000000004CB0000-0x0000000004CC2000-memory.dmp

          Filesize

          72KB

          Download