2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20230712-en
resource tags

arch:x64arch:x86image:win7-20230712-enlocale:en-usos:windows7-x64system
submitted
23/08/2023, 00:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe
Size

1.5MB
MD5

30eea8e35a3744773cb0c71db7b54796
SHA1

e162db7848a3288e8a62a695adbb63370d3705d3
SHA256

2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c
SHA512

24a42e35b45b9bb3e8dd74678162e1987c1fcd0d9b4e5647dd6f40194a1c49eca7b67ab67d6c7a928c2b7a146e54a32584b976948984d63e91f4314aff7bf36d
SSDEEP

12288:w/Jm0On2dUX/jtKQPdUS1Dyex0wO2bEBWqsn0ak4VfYN4XfMIiElTFDrhc/f/6Lb:cE2UX/jFOsn0xxilJ3u/QAS1SfM7zZ

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1024678951-1535676557-2778719785-1000\Software\Microsoft\Windows\CurrentVersion\Run\Serverx = "C:\\Windows\\system32\\Serverx.exe"	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Serverx.exe	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe
File created	C:\Windows\SysWOW64\Serverx.exe	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 2972	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	28
PID 1492 wrote to memory of 2972	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	28
PID 1492 wrote to memory of 2972	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	28
PID 1492 wrote to memory of 2972	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	28
PID 1492 wrote to memory of 1412	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	21
PID 1492 wrote to memory of 1412	1492	2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1412
- C:\Users\Admin\AppData\Local\Temp\2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe
  "C:\Users\Admin\AppData\Local\Temp\2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:1492
- - C:\Users\Admin\AppData\Local\Temp\2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe
    "C:\Users\Admin\AppData\Local\Temp\2833776ffc1c6335b9c28ad8b635098673f7d9d7137a2b123b930b258dd71d8c.exe"
    3⤵
    PID:2972

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1412-58-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/1412-59-0x0000000002670000-0x0000000002671000-memory.dmp

Filesize
4KB

Download
memory/1492-54-0x00000000000C0000-0x000000000023CD6F-memory.dmp

Filesize
1.5MB

Download
memory/1492-55-0x0000000001DB0000-0x0000000001F2D000-memory.dmp

Filesize
1.5MB

Download
memory/1492-60-0x00000000000C0000-0x000000000023CD6F-memory.dmp

Filesize
1.5MB

Download
memory/2972-56-0x00000000000C0000-0x000000000023CD6F-memory.dmp

Filesize
1.5MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads