Overview

overview

10

Static

static

3

0761a640d2...9a.exe

windows10-2004-x64

10

Resubmissions

02/07/2023, 11:24

230702-nhn1asbc93 10

02/07/2023, 11:13

230702-nbes2sbc74 10

Analysis

  • max time kernel
    150s
  • max time network
    142s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230621-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
  • submitted
    02/07/2023, 11:24

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0761a640d2bd3ec40745af1df8780febf347dff79a89ed3a67b95bf68b59cb9a.exe

  • Size

    1.6MB

  • MD5

    160b58b58d0c37944ad030dc27548c11

  • SHA1

    91f0e5896a9f30cd4294c9389cbbd7572e6264e5

  • SHA256

    e036ae5b66f446b921133e33d7b8e9f9aa4acb40aba12a5987150127611bf7fb

  • SHA512

    104219beea895629976cdf307433b42f7bf3d49bf8a5353eaa3139d970ffd9fe7f909d144b0bcbca57a1525543102dba6a05f24f6ecfb7faa7b8f896adc4f756

  • SSDEEP

    49152:55tLuoO1/5ZGiqE0tixMUsMS5zDCsRXrciTtMJm2/O3YI:zvOl58VdtiDs3JXr7hMJRm3YI

Score
10/10
persistence

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Drops file in System32 directory 64 IoCs
  • Gathers network information 2 TTPs 1 IoCs

    Uses commandline utility to view network configuration.

  • Gathers system information 1 TTPs 1 IoCs

    Runs systeminfo.exe.

  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0761a640d2bd3ec40745af1df8780febf347dff79a89ed3a67b95bf68b59cb9a.exe
    "C:\Users\Admin\AppData\Local\Temp\0761a640d2bd3ec40745af1df8780febf347dff79a89ed3a67b95bf68b59cb9a.exe"
    1⤵
    • Modifies WinLogon for persistence
    • Drops file in System32 directory
    PID:780
  • C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4792
    • C:\Windows\system32\systeminfo.exe
      systeminfo
      2⤵
      • Gathers system information
      PID:3992
    • C:\Windows\system32\ipconfig.exe
      ipconfig
      2⤵
      • Gathers network information
      PID:4552

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\SysWOW64\DC++ Share\RCX310F.tmp
    Filesize

    62KB

    MD5

    b126345317624479f78fbf30b3a1fe5a

    SHA1

    655c966bf7bbf96ee49c83062d30b9dba17d693c

    SHA256

    8723d2d97d52f6d3b63968594c93bf2c5b5300b306c9670be4616cb134964301

    SHA512

    d0be6d608b5f4e482287d16e6587e00be1b4390f78efc3ce63008f99be7358e65f0eef9eba330d845462b64fa7a86cc3f1395b863ad0f8d01c0b790fc2f4c02d

    Download Submit

  • C:\Windows\SysWOW64\xdccPrograms\7zFM.exe
    Filesize

    1.6MB

    MD5

    160b58b58d0c37944ad030dc27548c11

    SHA1

    91f0e5896a9f30cd4294c9389cbbd7572e6264e5

    SHA256

    e036ae5b66f446b921133e33d7b8e9f9aa4acb40aba12a5987150127611bf7fb

    SHA512

    104219beea895629976cdf307433b42f7bf3d49bf8a5353eaa3139d970ffd9fe7f909d144b0bcbca57a1525543102dba6a05f24f6ecfb7faa7b8f896adc4f756

    Download Submit

  • memory/780-155-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-160-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-153-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-156-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-157-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-158-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-159-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-154-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-162-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-163-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-152-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-242-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-243-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download

  • memory/780-244-0x0000000000400000-0x0000000000417000-memory.dmp

    Filesize

    92KB

    Download