Analysis

  • max time kernel
    147s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230915-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20230915-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    11/10/2023, 14:45

General

  • Target

    AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.exe

  • Size

    36.3MB

  • MD5

    6f0f1d739c343de83110aaade9c87060

  • SHA1

    a75ab08aac32bdf9a1ecf02a3ccc814916947245

  • SHA256

    39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49

  • SHA512

    d9e831274107b1094f6861ae50d69761aee91178b93fcc822b2ec4b87f08d164427c99624fcf7a91e1b4875c80cce25dc094e328b9010ebeb07fa38da694ee99

  • SSDEEP

    786432:mu4mNzpOc/M8DcT/SezxIetOs5NZxucs19a:bYc/bPezD53scJ

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 1 IoCs
  • Kills process with taskkill 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.exe
    "C:\Users\Admin\AppData\Local\Temp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1472
    • C:\Users\Admin\AppData\Local\Temp\is-C5PQQ.tmp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-C5PQQ.tmp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.tmp" /SL5="$901F6,37037341,902144,C:\Users\Admin\AppData\Local\Temp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:1948
      • C:\Windows\SysWOW64\taskkill.exe
        "taskkill.exe" /f /im antMR.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4952
      • C:\Windows\SysWOW64\taskkill.exe
        "taskkill.exe" /f /im antCH.exe
        3⤵
        • Kills process with taskkill
        • Suspicious use of AdjustPrivilegeToken
        PID:4056

Network

MITRE ATT&CK Matrix

Downloads

  • C:\Users\Admin\AppData\Local\Temp\is-5RPIF.tmp\psvince.dll

    Filesize

    68KB

    MD5

    1f829cdf99a9fbe49ac6902597ad58b6

    SHA1

    aa5d990e7fae379ca9ea4612493fe1903cd2fea5

    SHA256

    9a0e0e27e20dfb30792917fc9e64aad05b0decc5a65aec5b2b4fd050e5b3cc2b

    SHA512

    8780e5cc98e398e985917d89bb5ba0052f1569a1d7c107578af4f9562168047155c4a066403189fc9e4f251a1b5c000051073916d5eda67f365e283941a3ec9d

  • C:\Users\Admin\AppData\Local\Temp\is-C5PQQ.tmp\AntDM_39ccfb3a323a0c5573e15a7131871f4c5cbee1ac342f877fda932385c7bdee49.tmp

    Filesize

    3.1MB

    MD5

    dbb58ca5a4f7dc65e1cd20ca10744650

    SHA1

    1cb30c995c1743f625a4e1946c3b38015767cb05

    SHA256

    4c6305593fc2ba617386de1c1d377eed8cb8fcabf43ddf7d0d37c4ba0223ffea

    SHA512

    bed46191a86b842047ddd6df41115510019b7a4ecb3dfc26353a9631285b66e7d12eed0701833ea6ad690d56ce9740d8f92c8115c9b73917f2e831883fe30761

  • memory/1472-1-0x0000000000400000-0x00000000004EA000-memory.dmp

    Filesize

    936KB

  • memory/1472-11-0x0000000000400000-0x00000000004EA000-memory.dmp

    Filesize

    936KB

  • memory/1948-6-0x0000000000910000-0x0000000000911000-memory.dmp

    Filesize

    4KB

  • memory/1948-12-0x0000000000400000-0x0000000000723000-memory.dmp

    Filesize

    3.1MB

  • memory/1948-13-0x0000000000910000-0x0000000000911000-memory.dmp

    Filesize

    4KB