Overview

overview

10

Static

static

8

1.rar

windows7-x64

3

1.rar

windows10-2004-x64

3

Ehhbsuuemv.exe

windows7-x64

10

Ehhbsuuemv.exe

windows10-2004-x64

10

GjIEmKW.exe

windows7-x64

10

GjIEmKW.exe

windows10-2004-x64

10

Jtvcsfni.exe

windows7-x64

10

Jtvcsfni.exe

windows10-2004-x64

10

OriginalBuild.exe

windows7-x64

1

OriginalBuild.exe

windows10-2004-x64

8

PUMPED_docc.exe

windows7-x64

10

PUMPED_docc.exe

windows10-2004-x64

10

Servicing-...te.pdf

windows7-x64

1

Servicing-...te.pdf

windows10-2004-x64

1

cgu3.rar

windows7-x64

3

cgu3.rar

windows10-2004-x64

3

debt.rtf.rar

windows7-x64

3

debt.rtf.rar

windows10-2004-x64

3

eeee.dotm

windows7-x64

1

eeee.dotm

windows10-2004-x64

1

egor.dotm

windows7-x64

10

egor.dotm

windows10-2004-x64

10

errr.dotm

windows7-x64

1

errr.dotm

windows10-2004-x64

1

example.dotm

windows7-x64

10

example.dotm

windows10-2004-x64

10

fasfs.dotm

windows7-x64

10

fasfs.dotm

windows10-2004-x64

10

ferrr.dotm

windows7-x64

1

ferrr.dotm

windows10-2004-x64

1

fffffffnew.dotm

windows7-x64

10

fffffffnew.dotm

windows10-2004-x64

10

Analysis

  • max time kernel
    130s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    16/06/2023, 18:36

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    OriginalBuild.exe

  • Size

    2.0MB

  • MD5

    684b5a8761a8cd0314a1121de37a86a7

  • SHA1

    bd46bea31f6ec26ad80bf9bdda6f2b59750a910a

  • SHA256

    1fc6b522a006f923bd3e6d69377bdcbb6d6e733dc4f68f38608f727bf6b0732f

  • SHA512

    d56b3b60d54ad8ac97b3baf3fc4cdf7ee0158dadd23239238d243d445906d30f8246f4053d53fc9b6f04c80d87c43f548e7cca4b424ec34b0474defa785fbb59

  • SSDEEP

    24576:rLdSwtu5mVZJZYDN5ZKGGQz1JLzsrksuN8qYMLDd3eQ3o7glrAbAlA7AIASAWl9W:r6mVZJZYSVgvoklrAbAlA7AIASAzCq

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OriginalBuild.exe
    "C:\Users\Admin\AppData\Local\Temp\OriginalBuild.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:348
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:/Windows/SysWOW64/WindowsPowerShell/v1.0/powershell.exe"
      2⤵
      • Blocklisted process makes network request
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3108

Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_xl0ningn.xpf.ps1
          Filesize

          60B

          MD5

          d17fe0a3f47be24a6453e9ef58c94641

          SHA1

          6ab83620379fc69f80c0242105ddffd7d98d5d9d

          SHA256

          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

          SHA512

          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

          Download Submit

        • memory/348-133-0x0000000000440000-0x0000000000648000-memory.dmp

          Filesize

          2.0MB

          Download

        • memory/348-134-0x00000000050B0000-0x0000000005142000-memory.dmp

          Filesize

          584KB

          Download

        • memory/348-135-0x0000000005700000-0x0000000005CA4000-memory.dmp

          Filesize

          5.6MB

          Download

        • memory/348-136-0x00000000056A0000-0x00000000056AA000-memory.dmp

          Filesize

          40KB

          Download

        • memory/348-137-0x0000000007D50000-0x0000000007D60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/348-138-0x0000000007D50000-0x0000000007D60000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-144-0x00000000053E0000-0x0000000005402000-memory.dmp

          Filesize

          136KB

          Download

        • memory/3108-156-0x0000000006470000-0x000000000648E000-memory.dmp

          Filesize

          120KB

          Download

        • memory/3108-143-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-141-0x0000000005580000-0x0000000005BA8000-memory.dmp

          Filesize

          6.2MB

          Download

        • memory/3108-145-0x0000000005C20000-0x0000000005C86000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3108-146-0x0000000005D80000-0x0000000005DE6000-memory.dmp

          Filesize

          408KB

          Download

        • memory/3108-140-0x0000000002AA0000-0x0000000002AD6000-memory.dmp

          Filesize

          216KB

          Download

        • memory/3108-142-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-157-0x00000000075E0000-0x0000000007624000-memory.dmp

          Filesize

          272KB

          Download

        • memory/3108-158-0x0000000007740000-0x00000000077B6000-memory.dmp

          Filesize

          472KB

          Download

        • memory/3108-159-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-160-0x0000000007E40000-0x00000000084BA000-memory.dmp

          Filesize

          6.5MB

          Download

        • memory/3108-161-0x00000000077E0000-0x00000000077FA000-memory.dmp

          Filesize

          104KB

          Download

        • memory/3108-162-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-163-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3108-164-0x0000000002AF0000-0x0000000002B00000-memory.dmp

          Filesize

          64KB

          Download