Analysis
max time kernel: 142s
max time network: 151s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 15-07-2023 00:27

Static task: static1 (1 signature)

Behavioral task: behavioral1
Sample: b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4.exe
Resource: win10v2004-20230703-en (windows10-2004-x64)
2 signatures, 150 seconds
General
Target: b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4.exe
Size: 164KB
MD5: 16bab536f93bbf833bca053e355402ee
SHA1: 8b7ccbef0fcb0edab800b6ddc0c9d302b0a03374
SHA256: b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4
SHA512: c7f9b1f0a6034e22b61febcab103482dc613f861a987e53569a2526aba56826fd06f98fe357506fd4f2806abc7f84c3d86e2e046cdfac3539eea6e67ff9c603f
SSDEEP: 1536:OwUFugbhVF1JcLNXAOdTbf6QpfcgDVUZjEvhDPNQ0mb/h2rJI87FZuQ2Tk8lU5Ag:tLLhTL6QpPkEvhjNQ0C0h7vtd5Aa
Score: 10/10
Malware Config (Extracted)
Family: systembc
C2:
  adstat477d.xyz:4044
  demstat577d.xyz:4044
Signatures
Adds Run key to start application (2 TTPs, 2 IoCs)
Processes:
  description: Key created
  ioc: \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\Software\Microsoft\Windows\CurrentVersion\Run
  process: b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4.exe

  description: Set value (str)
  ioc: \REGISTRY\USER\S-1-5-21-3011986978-2180659500-3669311805-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\socks5 = "powershell.exe -windowstyle hidden -Command \"& 'C:\\Users\\Admin\\AppData\\Local\\Temp\\b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4.exe'\""
  process: b8c302a27f96d81723dae52638784519772a968b84533a793e69aab74ef08ba4.exe
Processes
Network
MITRE ATT&CK Enterprise v6
Downloads
memory/5044-134-0x0000000000690000-0x0000000000790000-memory.dmp  Filesize: 1024KB
memory/5044-135-0x0000000000650000-0x0000000000655000-memory.dmp  Filesize: 20KB
memory/5044-136-0x0000000000400000-0x00000000004E3000-memory.dmp  Filesize: 908KB
memory/5044-138-0x0000000000690000-0x0000000000790000-memory.dmp  Filesize: 1024KB
memory/5044-139-0x0000000000650000-0x0000000000655000-memory.dmp  Filesize: 20KB