Overview

overview

10

Static

static

10

Endermanch...is.exe

windows7-x64

1

Endermanch...is.exe

windows10-2004-x64

Endermanch...ug.exe

windows7-x64

6

Endermanch...ug.exe

windows10-2004-x64

6

Endermanch...ck.exe

windows7-x64

7

Endermanch...ck.exe

windows10-2004-x64

7

Endermanch...om.exe

windows7-x64

1

Endermanch...om.exe

windows10-2004-x64

1

Endermanch...le.exe

windows7-x64

1

Endermanch...le.exe

windows10-2004-x64

1

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

7

Endermanch...er.exe

windows10-2004-x64

7

Endermanch...er.exe

windows7-x64

Endermanch...er.exe

windows10-2004-x64

Endermanch...us.exe

windows7-x64

1

Endermanch...us.exe

windows10-2004-x64

1

Endermanch....C.exe

windows7-x64

10

Endermanch....C.exe

windows10-2004-x64

10

Endermanch...rd.exe

windows7-x64

10

Endermanch...rd.exe

windows10-2004-x64

9

Endermanch...a2.exe

windows7-x64

1

Endermanch...a2.exe

windows10-2004-x64

1

Endermanch...19.exe

windows7-x64

7

Endermanch...19.exe

windows10-2004-x64

7

Endermanch...eg.exe

windows7-x64

7

Endermanch...eg.exe

windows10-2004-x64

3

Endermanch...1).exe

windows7-x64

3

Endermanch...1).exe

windows10-2004-x64

3

Endermanch...ld.exe

windows7-x64

3

Endermanch...ld.exe

windows10-2004-x64

3

Resubmissions

10-05-2024 16:25

240510-tw1h5shh47 10

24-08-2023 11:16

230824-nda8msdf8z 10

05-08-2023 22:52

230805-2tn2bsfa82 10

24-07-2023 06:25

230724-g6s6laag35 10

22-07-2023 15:57

230722-tee6wabg5w 10

20-07-2023 23:19

230720-3bb5gsbf5v 10

20-07-2023 23:06

230720-23f23sba63 10

03-02-2021 11:43

210203-6bgge2nfan 10

22-11-2020 06:42

201122-6x1at779dj 10

Analysis

  • max time kernel
    155s
  • max time network
    175s
  • platform
    windows7_x64
  • resource
    win7-20230712-en
  • resource tags

    arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
  • submitted
    24-07-2023 06:25

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Endermanch@DeriaLock.exe

  • Size

    484KB

  • MD5

    0a7b70efba0aa93d4bc0857b87ac2fcb

  • SHA1

    01a6c963b2f5f36ff21a1043587dcf921ae5f5cd

  • SHA256

    4f5bff64160044d9a769ab277ff85ba954e2a2e182c6da4d0672790cf1d48309

  • SHA512

    2033f9637b8d023242c93f54c140dd561592a3380a15a9fdc8ebfa33385ff4fc569d66c846a01b4ac005f0521b3c219e87f4b1ed2a83557f9d95fa066ad25e14

  • SSDEEP

    6144:lqHKx3YCgy8HmmjJpnVhvLqCO3bLinIz1wASx:lqHoyHNj/nVhvLcyII

Score
7/10

Malware Config

Signatures

  • Drops startup file 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Endermanch@DeriaLock.exe
    "C:\Users\Admin\AppData\Local\Temp\Endermanch@DeriaLock.exe"
    1⤵
    • Drops startup file
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    PID:2540
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
      PID:1212

    Network

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/2540-55-0x0000000074270000-0x000000007495E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2540-54-0x00000000001D0000-0x0000000000252000-memory.dmp
      Filesize

      520KB

      Download
    • memory/2540-56-0x0000000000350000-0x0000000000390000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2540-57-0x0000000000350000-0x0000000000390000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2540-188-0x0000000000350000-0x0000000000390000-memory.dmp
      Filesize

      256KB

      Download
    • memory/2540-189-0x0000000074270000-0x000000007495E000-memory.dmp
      Filesize

      6.9MB

      Download
    • memory/2540-190-0x0000000000350000-0x0000000000390000-memory.dmp
      Filesize

      256KB

      Download