Overview

overview

7

Static

static

3

05cae3ea15...ex.exe

windows7-x64

7

05cae3ea15...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    132s
  • max time network
    79s
  • platform
    windows7_x64
  • resource
    win7-20230705-en
  • resource tags

    arch:x64arch:x86image:win7-20230705-enlocale:en-usos:windows7-x64system
  • submitted
    05/07/2023, 15:09

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    05cae3ea153097exeexeexeex.exe

  • Size

    288KB

  • MD5

    05cae3ea15309734841f462b03d146f1

  • SHA1

    4e086d09d143380b7d4d41e104bba8ca4a7b795e

  • SHA256

    efbbf54bc486cff0a0ee6208376ed807fa3e6e0a63d38c17848b712ba6dff7eb

  • SHA512

    6c43886a6a460538890f11799b7b1d3be0326b5f8a582eb1c80cff89dbfa2e605e9721582ed5694e422ab482d0d30c6bb97a22b1364154506cc343629724c2ad

  • SSDEEP

    6144:HQ+Tyfx4NF67Sbq2nW82X45gc3BaLZVS0mOoC8zbzDie:HQMyfmNFHfnWfhLZVHmOog

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\05cae3ea153097exeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\05cae3ea153097exeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2968
      • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe"
        3⤵
        • Executes dropped EXE
        PID:2220

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\Posix\taskhostsys.exe
          Filesize

          288KB

          MD5

          824ff4c82f78d63d491b8f0c78eaa0f8

          SHA1

          e77b158a7a1ce337231de0344e5565c12f85038b

          SHA256

          c3fe9234e8010e6207110bef6bb72dd85cb3c0a6adc2b061b151a0d4101f2c10

          SHA512

          c35ce16b3dd41d92e72fc1de06b56292d20ff65059459901f953d5dfb1f524500177db73838111d1a9f0b2fc390b6433201d17b18cfa14bd5776e90947f9e1be

          Download Submit