Overview

overview

7

Static

static

3

92b01ffa08...ex.exe

windows7-x64

7

92b01ffa08...ex.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    131s
  • max time network
    78s
  • platform
    windows7_x64
  • resource
    win7-20230703-en
  • resource tags

    arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
  • submitted
    06/07/2023, 13:39

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    92b01ffa083eefexeexeexeex.exe

  • Size

    327KB

  • MD5

    92b01ffa083eefa04d07dcdaa6151ac7

  • SHA1

    ee00de951e1a72a5b0eac16614d959f7944ef08f

  • SHA256

    928506ecb9b66ce68dff03fe4ea675c0b9670b81d95f7dbab4e5271fe082b38f

  • SHA512

    fa473fcdbd7116cc11d44be5a58ef3e54fc5cbe68be247bbde93db27d0db6be522501f41192b81fba099b8e3416c3764cc653decfbaa45cf430dbdda7d559fdc

  • SSDEEP

    6144:C2+JS2sFafI8U0obHCW/2a7XQcsPMjVWrG8KgbPzDh:C2TFafJiHCWBWPMjVWrXK0

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 28 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\92b01ffa083eefexeexeexeex.exe
    "C:\Users\Admin\AppData\Local\Temp\92b01ffa083eefexeexeexeex.exe"
    1⤵
    • Loads dropped DLL
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2532
    • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
      "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe" /START "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
        "C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe"
        3⤵
        • Executes dropped EXE
        PID:3028

Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit

        • \Users\Admin\AppData\Roaming\Microsoft\XMMC\taskhostsys.exe
          Filesize

          327KB

          MD5

          8b70b00c399aeb69efd9dd7c3019c96e

          SHA1

          f742f0d8490c4bef67a4a763ce1ce896ebc58dac

          SHA256

          9b0941d2052d11b7fef4e093b58f548fc139a210c56917def8fd3f774855f326

          SHA512

          6d1f8a0be884332a73d15f41a50d2f3865321c9766c5568db15ce4f604f0c32711de364ec241e3d2980b27e634eb4876a27fd7392a541ed06be834373a53721c

          Download Submit