Overview

overview

10

Static

static

10

Endermanch...is.exe

windows7-x64

1

Endermanch...is.exe

windows10-2004-x64

Endermanch...ug.exe

windows7-x64

6

Endermanch...ug.exe

windows10-2004-x64

6

Endermanch...ck.exe

windows7-x64

7

Endermanch...ck.exe

windows10-2004-x64

7

Endermanch...om.exe

windows7-x64

1

Endermanch...om.exe

windows10-2004-x64

1

Endermanch...le.exe

windows7-x64

1

Endermanch...le.exe

windows10-2004-x64

1

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

Endermanch...er.exe

windows10-2004-x64

Endermanch...us.exe

windows7-x64

1

Endermanch...us.exe

windows10-2004-x64

1

Endermanch....C.exe

windows7-x64

10

Endermanch....C.exe

windows10-2004-x64

10

Endermanch...rd.exe

windows7-x64

10

Endermanch...rd.exe

windows10-2004-x64

9

Endermanch...a2.exe

windows7-x64

1

Endermanch...a2.exe

windows10-2004-x64

1

Endermanch...19.exe

windows7-x64

7

Endermanch...19.exe

windows10-2004-x64

7

Endermanch...eg.exe

windows7-x64

7

Endermanch...eg.exe

windows10-2004-x64

3

Endermanch...1).exe

windows7-x64

3

Endermanch...1).exe

windows10-2004-x64

3

Endermanch...ld.exe

windows7-x64

3

Endermanch...ld.exe

windows10-2004-x64

3

Resubmissions

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

  • max time kernel
    148s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230703-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-07-2023 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Endermanch@LPS2019.exe

  • Size

    1.1MB

  • MD5

    2eb3ce80b26345bd139f7378330b19c1

  • SHA1

    10122bd8dd749e20c132d108d176794f140242b0

  • SHA256

    8abed3ea04d52c42bdd6c9169c59212a7d8c649c12006b8278eda5aa91154cd2

  • SHA512

    e3223cd07d59cd97893304a3632b3a66fd91635848160c33011c103cca2badbfe9b78fe258666b634e455872f3a98889ede5a425d8fae91cae6983da1ea1190a

  • SSDEEP

    24576:pXhZgPlmWcA4Te9+g6+lET/+xRXKRwFSmjTGIWrwg:xInpSe99pCkRXKRMdGIWrN

Score
7/10
persistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of FindShellTrayWindow 19 IoCs
  • Suspicious use of SendNotifyMessage 19 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@LPS2019.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Program Files directory
    • Suspicious use of WriteProcessMemory
    PID:1124
    • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
      "C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe"
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4752

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • C:\Program Files (x86)\HjuTygFcvX\lpsprt.exe
    Filesize

    911KB

    MD5

    2e6360eeebcafd207ad6f4cfc81afdb3

    SHA1

    6d85d48c8c809ad0ee5f7b1b20ef79e871466072

    SHA256

    3a31f386f4a68827d8cbfeb087c017f871d80ab4565a2266f692fbe6cfea9c3b

    SHA512

    36e1cadeff91158c0e96585d7550dc193a6470f5fccf3cf98845c4291becc6dae39609771cc8157493bc6cb405446ac55a1790108c6c213293bf4a56ecf381e4

    Download Submit
  • memory/4752-148-0x0000000000C10000-0x0000000000C30000-memory.dmp
    Filesize

    128KB

    Download
  • memory/4752-149-0x00007FF848A30000-0x00007FF8493D1000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/4752-150-0x000000001BF90000-0x000000001C45E000-memory.dmp
    Filesize

    4.8MB

    Download
  • memory/4752-151-0x00007FF848A30000-0x00007FF8493D1000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/4752-152-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-153-0x000000001CB50000-0x000000001CCEC000-memory.dmp
    Filesize

    1.6MB

    Download
  • memory/4752-154-0x000000001CDA0000-0x000000001CE46000-memory.dmp
    Filesize

    664KB

    Download
  • memory/4752-155-0x000000001CEF0000-0x000000001CF8C000-memory.dmp
    Filesize

    624KB

    Download
  • memory/4752-156-0x000000001BA40000-0x000000001BA48000-memory.dmp
    Filesize

    32KB

    Download
  • memory/4752-157-0x000000001CFF0000-0x000000001D03C000-memory.dmp
    Filesize

    304KB

    Download
  • memory/4752-158-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-159-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-160-0x00007FF848A30000-0x00007FF8493D1000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/4752-161-0x00007FF848A30000-0x00007FF8493D1000-memory.dmp
    Filesize

    9.6MB

    Download
  • memory/4752-162-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-163-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-164-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-165-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download
  • memory/4752-166-0x0000000001700000-0x0000000001710000-memory.dmp
    Filesize

    64KB

    Download