Overview

overview

8

Static

static

3

2e080650e8...e2.exe

windows7-x64

8

2e080650e8...e2.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    134s
  • platform
    windows7_x64
  • resource
    win7-20230831-en
  • resource tags

    arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
  • submitted
    13/10/2023, 03:31

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    2e080650e8767269be322947e720a0a3898f8b386dd71944f583d1774279b0e2.exe

  • Size

    7.2MB

  • MD5

    0b6a4ed72d018856fdaefbf037151766

  • SHA1

    e44c4bb38d7938dec8cf33531a05e9baaa62b1c6

  • SHA256

    2e080650e8767269be322947e720a0a3898f8b386dd71944f583d1774279b0e2

  • SHA512

    4d8d776c85f66be109ea453a56264e5da5d31cf262f9baa9f3f00442a64241d90116dda78c734890565dfe8d6b7bb9f0050f98e0924ad531a42412182c46c16c

  • SSDEEP

    98304:ORFK6bW7qJrAnAeESL6HSNQDOzHKi/2ZoL9gGU5z0/jClKZ/fjC0YYOcS4kfJ7:TI3rAAhtyqU2mLM5EpCxYOZfJ7

Score
8/10
persistence

Malware Config

Signatures

  • Drops file in Drivers directory 2 IoCs
  • Sets service image path in registry 2 TTPs 1 IoCs
    persistence
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2e080650e8767269be322947e720a0a3898f8b386dd71944f583d1774279b0e2.exe
    "C:\Users\Admin\AppData\Local\Temp\2e080650e8767269be322947e720a0a3898f8b386dd71944f583d1774279b0e2.exe"
    1⤵
    • Drops file in Drivers directory
    • Sets service image path in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:1400

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Windows\System32\drivers\ACE-BASE.sys
    Filesize

    2.0MB

    MD5

    698faf743fd81cbc9323dce3915f4685

    SHA1

    8c1860930b44e269ad348a60049979bd6177d762

    SHA256

    bcd04e96d538291da5f5a729d34f6bc8898505f7486d7558ffb40184b4e1595b

    SHA512

    e72859f70068825edf5507a7e5d26b02ff7138e32ef59d9b3031febb9350a7145d1c262fe152788baf2fbbf0a711c6bed0afb761b44998d4ae0046139e1f93ad

    Download Submit

  • memory/1400-14-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-21-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-0-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-5-0x0000000000400000-0x0000000000B6D000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1400-7-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-9-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-11-0x00000000001E0000-0x00000000001E1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-2-0x0000000000400000-0x0000000000B6D000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1400-6-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-16-0x0000000000270000-0x0000000000271000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-19-0x0000000000280000-0x0000000000281000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-26-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-24-0x0000000000290000-0x0000000000291000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-29-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-31-0x00000000003A0000-0x00000000003A1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-3-0x00000000001C0000-0x00000000001C1000-memory.dmp

    Filesize

    4KB

    Download

  • memory/1400-424-0x0000000000400000-0x0000000000B6D000-memory.dmp

    Filesize

    7.4MB

    Download

  • memory/1400-522-0x0000000000400000-0x0000000000B6D000-memory.dmp

    Filesize

    7.4MB

    Download