Overview

overview

7

Static

static

7

35733476c9...07.exe

windows7-x64

7

35733476c9...07.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    150s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20230621-en
  • resource tags

    arch:x64arch:x86image:win7-20230621-enlocale:en-usos:windows7-x64system
  • submitted
    23-06-2023 19:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe

  • Size

    2.2MB

  • MD5

    4f9f6ae17f803c184847337451fa1ca9

  • SHA1

    3b051fa1afa3d98d7abecab816d0bac9e51be0aa

  • SHA256

    35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07

  • SHA512

    b98d78494f82307f187fdfbccc875fc8ce4bf6bec1d678ad18f4aeae79dddd402690b5b2c2d5accf1393f018cbca7f264cbd3fd3bce4fc349b27145f6ec052ae

  • SSDEEP

    49152:XeE2JNiuIdtb7mqxw1P3UbtibDk8eO1q+UTJHwnS891AeE7:XN4NiuwORUbtAeO1qP98j9H

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe
    "C:\Users\Admin\AppData\Local\Temp\35733476c922b4e175cc3fef6d890746c29c8de26fad88b01ba33a3d9a272b07.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1360

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • \Users\Admin\AppData\Local\Temp\God.dll
    Filesize

    6KB

    MD5

    d7a9b68b82f181f086db867c9cbf79a2

    SHA1

    8ab3bd43e1b5e2b9865be460b8ce7ed68311df05

    SHA256

    38ac81b23cbd826f6a7ae115366565c00cabf3433bf1956dfc1154150f251cd0

    SHA512

    f49ebdedb6329ebfd5120df7466a41164603750d4803de1a01f13c66e33d870d79ea92c8580eba821ea14c577aa9650b03ea321853b3ed9d281b39491e6b4cc7

    Download Submit
  • memory/1360-54-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-55-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-57-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-56-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-63-0x0000000002750000-0x0000000002760000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1360-64-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-69-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download
  • memory/1360-77-0x0000000002750000-0x0000000002760000-memory.dmp
    Filesize

    64KB

    Download
  • memory/1360-80-0x00000000009D0000-0x0000000001032000-memory.dmp
    Filesize

    6.4MB

    Download