27d6f51d20512e8da2e6e119be1ed618c29f961455402cba70bda91a365a8c65

Resubmissions

11-07-2023 01:29

230711-bwfvmaea85 7

11-07-2023 01:25

230711-bs7h6sea75 7

Analysis

max time kernel
110s
max time network
36s
platform
windows7_x64
resource
win7-20230703-en
resource tags

arch:x64arch:x86image:win7-20230703-enlocale:en-usos:windows7-x64system
submitted
11-07-2023 01:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MF xfxs world.exe
Size

226.5MB
MD5

ecd69c0475152a756ef45ad06cd932fe
SHA1

22c06183d98d5d659e0e0d7e02a06fac8bb84ad9
SHA256

27d6f51d20512e8da2e6e119be1ed618c29f961455402cba70bda91a365a8c65
SHA512

08d5b193d4de5dcc1ba280e1f4788d390f8eed652ea4af70238604e6b1a1c6deec31fabac58bb60db463e72c9bbc1783ba08440f290a92b3cdeb3c936891785c
SSDEEP

6291456:4nImUPZLCWvaAtfsZewpRdiuek67HJ9CZEC0HycjFhSIgfcTn3:2UP5lSeEkwpRAue/j/UP0DjFhce3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2928	stdrt.exe

Loads dropped DLL 14 IoCs

pid	Process
2140	MF xfxs world.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe
2928	stdrt.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2928	stdrt.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2068	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2068	AUDIODG.EXE
Token: 33	2068	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2068	AUDIODG.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2928	stdrt.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2928	2140	MF xfxs world.exe	28
PID 2140 wrote to memory of 2928	2140	MF xfxs world.exe	28
PID 2140 wrote to memory of 2928	2140	MF xfxs world.exe	28
PID 2140 wrote to memory of 2928	2140	MF xfxs world.exe	28

C:\Users\Admin\AppData\Local\Temp\MF xfxs world.exe
"C:\Users\Admin\AppData\Local\Temp\MF xfxs world.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\stdrt.exe
  "C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\stdrt.exe" /SF "C:\Users\Admin\AppData\Local\Temp\MF xfxs world.exe" /SO394240
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:2928

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x5d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2068

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\Layer.mfx

Filesize
121KB

MD5
457476f41768b31ebdc83264e281a039

SHA1
b6829cef9a7a6a3d2ee39ac186c8c867b7208eae

SHA256
7693c525f35260f5100f031fdf55dec5e4871b94ca53d2603437401974aaf02b

SHA512
794ad61b9ae2b3233624fe7938204c7d455906e6ce634c83bb42b0cbf27df4b02a5d17c1bfd118e339fc312d7fda27e617face67fb56c8b45c28df0f6b9e7725

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\MMFS2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\MMKRandomMultiPool.mfx

Filesize
265KB

MD5
b4a747c10e04c2ccb675990341872d2c

SHA1
9024a5b3f1256159188ea0efd00a2613d506750c

SHA256
ce4b4d9136711f263372dd4adcee610c16ed681cdf2727b4d800b388837bfffc

SHA512
37a073e14b49a883f26c048f431fe3718b97fd3f908470527e20a080670d8bfa29fd618b30c4bde02cb322e1e6c56c0c7b9bd63840435814ac2f4ea3d5e19350

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\ctrlx.mfx

Filesize
44KB

MD5
ceb8b2e522d0aaaecdf69b3bcc89a530

SHA1
c1cf769a96a9612f7fd0c1965413f4a57e4907e1

SHA256
3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65

SHA512
3c46743c635eb96351e6a82490cececb24e6a104433c962f263ec01cf78fa9747d4f56d05c3085c0a18eff7c180b145df5e8e74bc008fe2f617f7f4c24be0331

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\cypher.mfx

Filesize
112KB

MD5
074beb9e3152e95f59130cddd47ac139

SHA1
7a8f7cd2ba58000bbc7bb52ba34ea8fe796d79c0

SHA256
a7b4174cfa2b167519abfc6232c018835e983fb9d787c582d0b5b439bd2203f4

SHA512
b8c2c3b8efb2d36c71d8730cff3587ecc4eae7348262131669926ede983233501c8bde625eaf0c2b62535f242117a64cefe91edf3ba0686509b1e7b5439f9223

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcedit.mfx

Filesize
32KB

MD5
e0cdbe134b5b60c920eda184853e32b2

SHA1
4370e12c54a4ce0a563dfd2212aec9d705cb1133

SHA256
c229b36ce4e3cf824844931c0dfce165da22c234397cb1e8258d05f86decd053

SHA512
1c88267b0e26dfaac0eacdf6d6e20c336b1d4cf6ba38ed1c46b4c8f8881174364404a138f2ae6851e2968bd2f22b31724edc7598c61d620b27e58af53a4dd0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcfile.mfx

Filesize
36KB

MD5
55d486fc27c48ca0fdc5884e88b03328

SHA1
fa60040768ab771e4278e4a618d33200a1089a6d

SHA256
078791005076d62c0bd25678577045ef9f67b683b84f942eb9c6af09a4738c46

SHA512
7bac2e151bce223adfe810e8fd409545c8b169711add24c6d5a4c5c2d58caef2f196ca4aaedeb80dcbfa8307d79e85c43601e8c18d318a34283457946671b573

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcini.mfx

Filesize
28KB

MD5
5522465eba7c81f1fb67d6ad1a5df233

SHA1
0ec415bfaa9db6984cf922d5503d9fde67d0b3e2

SHA256
82c4f5af3c25a8daf60185833d3d61f2e8e2851ad640b59af54060eab6bc859e

SHA512
30d0ed91bf072e7b7367a708eb6a7d92cc0f326249ffdd44a0d94c3b8feb37b38387141c88add61a578393a186e9fb379d42ab0018aa14e917705e4344233f6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\modflt.sft

Filesize
139KB

MD5
ebbba2f177015b76b067b210f6af1133

SHA1
dfa2216650cc076c69bee22be17a16946957d93e

SHA256
18e45ef9724251583a74970c0d7bb4dbcb7ed7a0d94fecc023517a757007844c

SHA512
6cd20461981b4acb8b0682e536864258b098f80d4d9b72e177217e77a61b0009799f1f5c7e5ff8d900250e2a29a4e03f840ff097569f04ab4d47c0cedd8d05e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\oggflt.sft

Filesize
130KB

MD5
e925b7e0be07bc86cb8042168077bb04

SHA1
233c160b5264e1fa4f3b3ad6464207c09f698d26

SHA256
848d266c7676a5f59e66386d76679b97d2934166a8d829d5d000b217ab7a34cf

SHA512
0063b350116bfa478ecda081ae364e08c84cb97a337ff0b6e0d442653976c2663b8b2b430cca694f1a75fd93414d264b46da1331e7aadc2cdd424d69db27c31a

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\stdrt.exe

Filesize
1018KB

MD5
c3a0f519ddff61547f46b535989dbff4

SHA1
d30687e9fa01b78b48b1dd5042655021cdb1893b

SHA256
5712cd73560028c1c16e85af009b9e7fb63064e7550effcf1ff8d22d18bfc113

SHA512
eb3184822359a8934552813134c005598989e9273a552e49fecf314772972f4377c8070f1c9c9734be20c043ca5e985a1c6498ee468f26cbaff8cbdfe400edb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\stdrt.exe

Filesize
1018KB

MD5
c3a0f519ddff61547f46b535989dbff4

SHA1
d30687e9fa01b78b48b1dd5042655021cdb1893b

SHA256
5712cd73560028c1c16e85af009b9e7fb63064e7550effcf1ff8d22d18bfc113

SHA512
eb3184822359a8934552813134c005598989e9273a552e49fecf314772972f4377c8070f1c9c9734be20c043ca5e985a1c6498ee468f26cbaff8cbdfe400edb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\Layer.mfx

Filesize
121KB

MD5
457476f41768b31ebdc83264e281a039

SHA1
b6829cef9a7a6a3d2ee39ac186c8c867b7208eae

SHA256
7693c525f35260f5100f031fdf55dec5e4871b94ca53d2603437401974aaf02b

SHA512
794ad61b9ae2b3233624fe7938204c7d455906e6ce634c83bb42b0cbf27df4b02a5d17c1bfd118e339fc312d7fda27e617face67fb56c8b45c28df0f6b9e7725

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\MMKRandomMultiPool.mfx

Filesize
265KB

MD5
b4a747c10e04c2ccb675990341872d2c

SHA1
9024a5b3f1256159188ea0efd00a2613d506750c

SHA256
ce4b4d9136711f263372dd4adcee610c16ed681cdf2727b4d800b388837bfffc

SHA512
37a073e14b49a883f26c048f431fe3718b97fd3f908470527e20a080670d8bfa29fd618b30c4bde02cb322e1e6c56c0c7b9bd63840435814ac2f4ea3d5e19350

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\ctrlx.mfx

Filesize
44KB

MD5
ceb8b2e522d0aaaecdf69b3bcc89a530

SHA1
c1cf769a96a9612f7fd0c1965413f4a57e4907e1

SHA256
3407eb12f6bacec5ebd4df96ff3fd34741a3919fd46c2ec527364c5f1e753a65

SHA512
3c46743c635eb96351e6a82490cececb24e6a104433c962f263ec01cf78fa9747d4f56d05c3085c0a18eff7c180b145df5e8e74bc008fe2f617f7f4c24be0331

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\cypher.mfx

Filesize
112KB

MD5
074beb9e3152e95f59130cddd47ac139

SHA1
7a8f7cd2ba58000bbc7bb52ba34ea8fe796d79c0

SHA256
a7b4174cfa2b167519abfc6232c018835e983fb9d787c582d0b5b439bd2203f4

SHA512
b8c2c3b8efb2d36c71d8730cff3587ecc4eae7348262131669926ede983233501c8bde625eaf0c2b62535f242117a64cefe91edf3ba0686509b1e7b5439f9223

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcedit.mfx

Filesize
32KB

MD5
e0cdbe134b5b60c920eda184853e32b2

SHA1
4370e12c54a4ce0a563dfd2212aec9d705cb1133

SHA256
c229b36ce4e3cf824844931c0dfce165da22c234397cb1e8258d05f86decd053

SHA512
1c88267b0e26dfaac0eacdf6d6e20c336b1d4cf6ba38ed1c46b4c8f8881174364404a138f2ae6851e2968bd2f22b31724edc7598c61d620b27e58af53a4dd0f1

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcfile.mfx

Filesize
36KB

MD5
55d486fc27c48ca0fdc5884e88b03328

SHA1
fa60040768ab771e4278e4a618d33200a1089a6d

SHA256
078791005076d62c0bd25678577045ef9f67b683b84f942eb9c6af09a4738c46

SHA512
7bac2e151bce223adfe810e8fd409545c8b169711add24c6d5a4c5c2d58caef2f196ca4aaedeb80dcbfa8307d79e85c43601e8c18d318a34283457946671b573

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\kcini.mfx

Filesize
28KB

MD5
5522465eba7c81f1fb67d6ad1a5df233

SHA1
0ec415bfaa9db6984cf922d5503d9fde67d0b3e2

SHA256
82c4f5af3c25a8daf60185833d3d61f2e8e2851ad640b59af54060eab6bc859e

SHA512
30d0ed91bf072e7b7367a708eb6a7d92cc0f326249ffdd44a0d94c3b8feb37b38387141c88add61a578393a186e9fb379d42ab0018aa14e917705e4344233f6a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\mmf2d3d9.dll

Filesize
1.1MB

MD5
22284d6bb382967ff72363f828050e13

SHA1
5c98e25d24aacafffded9353c9526be0128c6dbd

SHA256
9eaa342059785bd584df956574c637e6d0e6016a099221a56e0397f8c86cd93f

SHA512
2e5a5bf115b1d2a07d0647b6f4925ab84301ca6354e3f3beb8d44f51900ff21b06b97b23128160fd94dfd33116d03094ca47c49143ae98473eaaed441f9705b2

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\mmfs2.dll

Filesize
459KB

MD5
4cf7bb74d8104280b7e986f4df21109d

SHA1
edc21a43136afddbf4786593e84b934d40591b74

SHA256
c0d56cefb509e5600ac6b430adcaf53b81881d3fff4e62b7ede158d66d826622

SHA512
2bbac48354657659795697e67508d777ee595348e1fb3d4b6c65d8618c346b3be0052b1e2e2fe669dcca19c3c00d59d1833acc21d88a97efbde2694935e3c292

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\modflt.sft

Filesize
139KB

MD5
ebbba2f177015b76b067b210f6af1133

SHA1
dfa2216650cc076c69bee22be17a16946957d93e

SHA256
18e45ef9724251583a74970c0d7bb4dbcb7ed7a0d94fecc023517a757007844c

SHA512
6cd20461981b4acb8b0682e536864258b098f80d4d9b72e177217e77a61b0009799f1f5c7e5ff8d900250e2a29a4e03f840ff097569f04ab4d47c0cedd8d05e4

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\mp3flt.sft

Filesize
24KB

MD5
7beafd3ec0c36a1422387c43c49f68ff

SHA1
240e7d8534ed25dffb902a969826f4300a88dde6

SHA256
cd5bd7cc59eaf42bc0edf418ce6f077f9db369d5e3c414107b82492a877a6176

SHA512
44101803bd757bb7a84577aa1c087472a619da732dcdb3947b683cd7a7df30931e4c9973e06532859f9654c4ad3635db205e41fc7214a0f52537be91e87b2734

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\oggflt.sft

Filesize
130KB

MD5
e925b7e0be07bc86cb8042168077bb04

SHA1
233c160b5264e1fa4f3b3ad6464207c09f698d26

SHA256
848d266c7676a5f59e66386d76679b97d2934166a8d829d5d000b217ab7a34cf

SHA512
0063b350116bfa478ecda081ae364e08c84cb97a337ff0b6e0d442653976c2663b8b2b430cca694f1a75fd93414d264b46da1331e7aadc2cdd424d69db27c31a

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\stdrt.exe

Filesize
1018KB

MD5
c3a0f519ddff61547f46b535989dbff4

SHA1
d30687e9fa01b78b48b1dd5042655021cdb1893b

SHA256
5712cd73560028c1c16e85af009b9e7fb63064e7550effcf1ff8d22d18bfc113

SHA512
eb3184822359a8934552813134c005598989e9273a552e49fecf314772972f4377c8070f1c9c9734be20c043ca5e985a1c6498ee468f26cbaff8cbdfe400edb4

Download Submit
\Users\Admin\AppData\Local\Temp\mrt7C23.tmp\waveflt.sft

Filesize
8KB

MD5
f76739536860a0bdb4a7e3bbb0c06d08

SHA1
b21581aa36eda87db8845caf58c668749e26b29f

SHA256
41136b09b033a20b9acc430620ea095ff76afbdc7aebe7f26f7d2b4315afddef

SHA512
6e65f23a4c1e3b0068b190f9aaaedcfa0466b0185cd6bbafa5f6f6940c8bc332e7c8c611d1b3b63bb2c5fcda48bbe2a678d81a3819940ecc0c701d6fec4194c7

Download Submit
memory/2928-96-0x0000000001FE0000-0x0000000002033000-memory.dmp

Filesize
332KB

Download
memory/2928-101-0x0000000000460000-0x0000000000484000-memory.dmp

Filesize
144KB

Download
memory/2928-91-0x0000000000390000-0x00000000003AE000-memory.dmp

Filesize
120KB

Download