8707980a07eba197631c585e0731f2329b004231809261426b11654b19524bf1

Analysis

max time kernel
112s
max time network
32s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
27/05/2023, 02:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Castle+of+succubus.exe
Size

100.0MB
MD5

14ee9bbdcc8b0f049d93cef94d7bfa40
SHA1

6800ab7c4c230fa36452c809b208b131c1c0b7ea
SHA256

8707980a07eba197631c585e0731f2329b004231809261426b11654b19524bf1
SHA512

b95432ee59e36ca074fb89640d126b9c92e9525024f2681dc780e42caef794b0471b5bb54806b688f7f9bfcd555cadabc2ab6d50f936957ecd576409c908886a
SSDEEP

1572864:16B8Jd1xPOdOGGOnl+hn+R0UgtrX6uzQIQexGvY0/E0RNeEEi2CiJKIXUo9KdSjs:q6ulm/X6uMIR0M0TfUJKYUIjPy3a8t

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 16 IoCs

pid	Process
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1464	Castle+of+succubus.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1464	Castle+of+succubus.exe
1464	Castle+of+succubus.exe

C:\Users\Admin\AppData\Local\Temp\Castle+of+succubus.exe
"C:\Users\Admin\AppData\Local\Temp\Castle+of+succubus.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x530
1⤵
PID:1704

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

\Users\Admin\AppData\Local\Temp\mrt342B.tmp\aviflt.ift

Filesize
24KB

MD5
bcb767b3dd8769c14eeb15d44e3e8ee2

SHA1
25c652e80a3d1892f6b351f6bcdd3e950b10af9c

SHA256
0eeffe2fa3c93f3ef62ec357b481d6caac0d3d190fb997ebea623dc5fd674f8c

SHA512
2a652d40030b91366fd3fdec8611bfb4643e8f41ac723e513b9e5a5b583c7cf1f11768d41d9379d43f953d748eecca0dd84406af9e03a704cb80e9b87d4a0968

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\bmpflt.ift

Filesize
24KB

MD5
ec49eb9e3ce55277caca4acce5080669

SHA1
1e891bf4b6e4db661bf2bc2311f1fb4002f9216b

SHA256
b7eb74b793f9fb30439e54af504eefee675e73ec8342bd1be784225ded98cdf4

SHA512
0d27400209366117b868401098fbbb2bdfb6115db7570eeb874a43e9e072b9ba5b082ff46b5bca9ce8119d0dc2ebd14e3aff2ad78ae324ef6e508c5e9b8ced44

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\fliflt.ift

Filesize
28KB

MD5
0eca70c6c3683aeeed66be7bf98efbcf

SHA1
ab8a7da460e4cf816e7b798d37305b0e5d3a3761

SHA256
4fff120c0c69c1c853cbb5ff83f16a199bc2e4f45c6f8c564b22c3c10b546732

SHA512
0959e988be75d1e99be9a7a93d3c25909acb4c5bcf869e67a1fc814a5575435ffc78c6bf055b495e9b8d2a2952c5636e52478c4d060074b2ca71c07af43f307e

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\gifflt.ift

Filesize
28KB

MD5
6e2b70b830863820e9d6750ac7f7b9e1

SHA1
1d4ddc85bc8dd853e95a65822d0d1966ec602979

SHA256
4aa6628517c02816f033d79d386d7d817e7df74fe8cfae351312069fd4c61471

SHA512
7f3164202576f1b68f1197fa94423d28edd2d279f11c463c4c1f84ef0f075a4c9fd2c009184b18649b0e15fb7354f80a31e66e847be6fb6e18dc1eaff1a40719

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\jpgflt.ift

Filesize
92KB

MD5
1b8c0407f421ae454eef87edb2264698

SHA1
e248285cdf8691d56243a81000fd667f84ff9550

SHA256
23a54d3586092ccd82bc42bdab0c5ece75f68d1f6313e717a815746b38a7f857

SHA512
a9fe4b02d6c58c590c051ed0b9375793cd22c56986072895e988c554d265f4243b45c8569dd300fe5c080c5a9addb5d7faab654a2be375992cbbaec8c94469d8

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\kcini.mfx

Filesize
28KB

MD5
6464b32ef16f0026334fbd2a8f2b6b62

SHA1
efd9199bdf6e056d446efa32700fc00f27782d31

SHA256
a0bc50d0fc19e83a7ce7892c29540818a47a2085ae512bf102d2891ee59a81d3

SHA512
11d9c94c3bbf9d659f82d06492216f150025c4cd9129f887b19cf1cac4e9fbb779c48e4405a6821ac559bcad167e415243d043d52e492453d2f507d1c1a61c0b

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\kcpica.mfx

Filesize
32KB

MD5
a387a9ae138592cbf429ef65f075ff28

SHA1
b195a0b9916425d57893e2615d9f8ef4800768c1

SHA256
d2b2c0eff67ced9293a3a46b7289df410e24a4dfda950b19f0d6c86fe7b4b66d

SHA512
51e7e0c820aa6e606d31bdeaa71f2289eea31ff9ebec56adca6b023db694597c1f16882f046b06118a7baac3123cfa1ea5da4588b4267cee8af88ae4f4c49c1d

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\kcpict.mfx

Filesize
24KB

MD5
ce685843b221b5f854ea99a9d5e5426c

SHA1
a3fa2dcd3eb75d5cf00ddced78299212b5b74a43

SHA256
7710280334cdb643ff8b10d1bc3c26fb87f7254f1cea983c13b225a294d4047b

SHA512
85837b8d10ac952b8daf7e18f08b311b80eb7c3964595208588185f9723b6496a46fd287073412a84ab9589ae5bf8a85eda5768508ec59dbd2dbad536911a57a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\kcwctrl.mfx

Filesize
12KB

MD5
14e1d33e5c9db83a0dc3101f712b2802

SHA1
37eb0cfc5336681275b9c4e0badc7e25018336bb

SHA256
2f0f00f42917792c0c3ae4640009dedee3c96408173211e44cbbdd6a04f4afad

SHA512
0c0524b2a2b4f64592bd96486cac5f080adbe8971c8d84d6d240656420c01bcb53d12044a8fab220ab5ec34d3978a81e1d2cc76306153a176a57e88a035372a5

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
280eccc6206500938ac9daa5baadbf1a

SHA1
19217ffbfa924b795a90fddfc3c5a1e4e0e88301

SHA256
ca8b234eb31dae750b33f89aab906362c898074e32e9042ea8fdf50cec2d5766

SHA512
913fff38b373dc37dbca9eec8d3b164c2613a02ba34abcbbd5de06c67407e0a2fa7fac5e1d1a6adaa772138a21343594fdcb08ddea67431081f81ea6f13da58d

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\mmfs2.dll

Filesize
459KB

MD5
4c240ac059ebca98706100798ab42133

SHA1
28fbb81a59fc892c58ea9c0b9277a0181de0c523

SHA256
3d81578a59699b82d812c59db7ef03b141da1700dc2ef20c5728feb83af08e4b

SHA512
5869f161de4df77c53631b82b6ebfca8cf71749592c0c83a6a1f3683c52c0e6ac5c764df3bc2d19db7fb84f9635abfd235d0c57ca7c6827930bb48eeb4dc7a59

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\pcxflt.ift

Filesize
24KB

MD5
dbe5395c9508ef6f4a8cbe3973051a80

SHA1
9b0d43f5ea8c11430aca42dfc381c82e557e31dd

SHA256
81ce5610214cc648f6e968af8f31c1bce0430e4e9dc4427bba743bc6aadcba4e

SHA512
c58dd464e755f77ea5da06ca70aa046e88d6a6543f8f0fe29ac16b0d2fc28cebd4a209c6ed1b059f09fe0d6b220e9e01f8c29c29b8336c8c0f1f20a1f99e6a91

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\pngflt.ift

Filesize
80KB

MD5
95e9db64a6248b00bfb42c2fde7e442b

SHA1
a437b1c8b5a96bc58ff339007243d7be98591307

SHA256
7bdae43096b32eb072731a93e6423a848459f385a2f5859629af40e389273f7d

SHA512
cfaaeab68ec6af3809a880a7abe65c33d8a91c9acd661c552e887b35b5f3426e278fd75aa02f95cc6c63c249474d7be6e57cc10329edb1fed05b4a7e614fc15e

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\tgaflt.ift

Filesize
24KB

MD5
47ae23e71eb7daf3ea31cc2110421489

SHA1
c03222469db64ef595afab571ef753af77996e4e

SHA256
bbfd34aa3f6a66e59f06e30103c6248eee54896364ee0c714819b9286b985880

SHA512
f1d33dab09b8c3913f629d459df64b8ddd237eaa7e9a4a136f20e3d7e3f50fa1b0b3bcda1baf4b5851ee726f961e16e6e8dd28b3b77578bc2a64a2c01a4deb4c

Download Submit
\Users\Admin\AppData\Local\Temp\mrt342B.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
memory/1464-616-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-615-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-626-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-627-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-624-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-623-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-622-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-620-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-618-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-619-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-617-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-625-0x0000000074FA0000-0x0000000075017000-memory.dmp

Filesize
476KB

Download
memory/1464-614-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-613-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-652-0x0000000000490000-0x00000000004A7000-memory.dmp

Filesize
92KB

Download
memory/1464-612-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-610-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-657-0x00000000004C0000-0x00000000004D4000-memory.dmp

Filesize
80KB

Download
memory/1464-611-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-609-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download
memory/1464-608-0x00000000013A0000-0x000000000149D000-memory.dmp

Filesize
1012KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads