Overview

overview

10

Static

static

10

Endermanch...is.exe

windows7-x64

1

Endermanch...is.exe

windows10-2004-x64

Endermanch...ug.exe

windows7-x64

6

Endermanch...ug.exe

windows10-2004-x64

6

Endermanch...ck.exe

windows7-x64

7

Endermanch...ck.exe

windows10-2004-x64

7

Endermanch...om.exe

windows7-x64

1

Endermanch...om.exe

windows10-2004-x64

1

Endermanch...le.exe

windows7-x64

1

Endermanch...le.exe

windows10-2004-x64

1

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

Endermanch...er.exe

windows10-2004-x64

Endermanch...us.exe

windows7-x64

1

Endermanch...us.exe

windows10-2004-x64

1

Endermanch....C.exe

windows7-x64

10

Endermanch....C.exe

windows10-2004-x64

10

Endermanch...rd.exe

windows7-x64

10

Endermanch...rd.exe

windows10-2004-x64

9

Endermanch...a2.exe

windows7-x64

1

Endermanch...a2.exe

windows10-2004-x64

1

Endermanch...19.exe

windows7-x64

7

Endermanch...19.exe

windows10-2004-x64

7

Endermanch...eg.exe

windows7-x64

7

Endermanch...eg.exe

windows10-2004-x64

3

Endermanch...1).exe

windows7-x64

3

Endermanch...1).exe

windows10-2004-x64

3

Endermanch...ld.exe

windows7-x64

3

Endermanch...ld.exe

windows10-2004-x64

3

Resubmissions

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

  • max time kernel
    147s
  • max time network
    140s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2023 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Endermanch@LPS2019.exe

  • Size

    1.1MB

  • MD5

    2eb3ce80b26345bd139f7378330b19c1

  • SHA1

    10122bd8dd749e20c132d108d176794f140242b0

  • SHA256

    8abed3ea04d52c42bdd6c9169c59212a7d8c649c12006b8278eda5aa91154cd2

  • SHA512

    e3223cd07d59cd97893304a3632b3a66fd91635848160c33011c103cca2badbfe9b78fe258666b634e455872f3a98889ede5a425d8fae91cae6983da1ea1190a

  • SSDEEP

    24576:pXhZgPlmWcA4Te9+g6+lET/+xRXKRwFSmjTGIWrwg:xInpSe99pCkRXKRMdGIWrN

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 4 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
      "C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:2932

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • \Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • \Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • \Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • \Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • memory/2932-75-0x000000001B050000-0x000000001B1EC000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/2932-79-0x000007FEF4780000-0x000007FEF511D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2932-74-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-72-0x0000000000200000-0x0000000000220000-memory.dmp
    Filesize

    128KB

    Download
  • memory/2932-76-0x000007FEF4780000-0x000007FEF511D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2932-77-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-78-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-73-0x000007FEF4780000-0x000007FEF511D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2932-80-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-81-0x000007FEF4780000-0x000007FEF511D000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/2932-82-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-83-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-84-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download
  • memory/2932-85-0x0000000001E70000-0x0000000001EF0000-memory.dmp
    Filesize

    512KB

    Download