Analysis
max time kernel: 141s
max time network: 152s
platform: windows10-2004_x64
resource: win10v2004-20230703-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230703-en, locale:en-us, os:windows10-2004-x64, system
submitted: 08/08/2023, 06:16
Static task: static1
Behavioral task: behavioral1
  Sample: Payoffs.exe
  Resource: win7-20230712-en
Behavioral task: behavioral2
  Sample: Payoffs.exe
  Resource: win10v2004-20230703-en
General
Target: Payoffs.exe
Size: 485KB
MD5: 8d1b9a7a8b8432f44917156c2b90601e
SHA1: 655a6ba188174e17dccaeb309bd5356560b6b6a2
SHA256: ff1731ac0ceea544a04afa1526c83d5d6fa0a41fd1cf845e6e81095c9b373ad1
SHA512: b8250f13d4e9eabc31adbc3b183af3c007edae1a03463e7be301e0b4a700a7687135d6a8bf5f4dc8e91cf54693b5c9b34bb2fc8239231bd2bc1915648c69d9d1
SSDEEP: 6144:+mOPUV36SmUWwtPU9lg15ux+jN25cVQIvjPTkTke77jKsU4k0+hvzvDlMh/BlU+h:9pWwd0IU5ciGjbmvzTk/5Mh7woD
Malware Config
Signatures
Guloader,Cloudeye
A shellcode based downloader first seen in 2020.
Loads dropped DLL (2 IoCs)
pid   Process
1328  Payoffs.exe
1328  Payoffs.exe
Enumerates physical storage devices (1 TTPs)
Attempts to interact with connected storage/optical drive(s).
Program crash (2 IoCs)
pid   pid_target  Process       procid_target
1128  1328        WerFault.exe  82
1632  1328        WerFault.exe  82
Processes
C:\Users\Admin\AppData\Local\Temp\Payoffs.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\Payoffs.exe"
  Loads dropped DLL
  PID: 1328
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 1032
    Program crash
    PID: 1128
  C:\Windows\SysWOW64\WerFault.exe
    Command line: C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 1032
    Program crash
    PID: 1632
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 1328 -ip 1328
  PID: 1196
C:\Windows\SysWOW64\WerFault.exe
  Command line: C:\Windows\SysWOW64\WerFault.exe -pss -s 544 -p 1328 -ip 1328
  PID: 3004
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 11KB
MD5: 9625d5b1754bc4ff29281d415d27a0fd
SHA1: 80e85afc5cccd4c0a3775edbb90595a1a59f5ce0
SHA256: c2f405d7402f815d0c3fadd9a50f0bbbb1bab9aa38fe347823478a2587299448
SHA512: dce52b640897c2e8dbfd0a1472d5377fa91fb9cf1aeff62604d014bccbe5b56af1378f173132abeb0edd18c225b9f8f5e3d3e72434aed946661e036c779f165b