Analysis

  • max time kernel: 142s
  • max time network: 131s
  • platform: windows7_x64
  • resource: win7-20230831-en
  • resource tags: arch:x64, arch:x86, image:win7-20230831-en, locale:en-us, os:windows7-x64, system
  • submitted: 13/10/2023, 03:27

General

  • Target: deb2e32e0cf38b6a205ffdb227888bf26ccedf67062f9c63a6936fbd2eb59ce1.exe
  • Size: 198KB
  • MD5: 5e58df9889d5529a7d0f99e689f4897e
  • SHA1: 44b47008d2f4f79c9af013cdc6dec29e21d49589
  • SHA256: deb2e32e0cf38b6a205ffdb227888bf26ccedf67062f9c63a6936fbd2eb59ce1
  • SHA512: 39843678cc1bc5de2ce0944f271c4362e051d45f8f0f4101cd67f36591459a25ff0ee788b8c0456f19cbd01f2b67d3d534ede39eeccfc0b2a92dc10a650ee561
  • SSDEEP: 6144:rBs27MMLyX5HXXXDTXXXOGqIII+pXXX5AYjKXXXDoXXXG6XXXxXXXLIIIEAkOCO7:rK20HXXX/XXXFqIIIcXXX5j2XXXcXXXC

Score
7/10

Malware Config

Signatures

  • Deletes itself (1 IoC)
  • Executes dropped EXE (1 IoC)
  • Drops file in Windows directory (2 IoCs)
  • Enumerates physical storage devices (1 TTP)

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry (2 TTPs, 2 IoCs)

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious use of AdjustPrivilegeToken (1 IoC)
  • Suspicious use of WriteProcessMemory (4 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\deb2e32e0cf38b6a205ffdb227888bf26ccedf67062f9c63a6936fbd2eb59ce1.exe
    "C:\Users\Admin\AppData\Local\Temp\deb2e32e0cf38b6a205ffdb227888bf26ccedf67062f9c63a6936fbd2eb59ce1.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2688
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\DEB2E3~1.EXE > nul
      2⤵
      • Deletes itself
      PID:2752
  • C:\Windows\Debug\iuyhost.exe
    C:\Windows\Debug\iuyhost.exe
    1⤵
    • Executes dropped EXE
    • Checks processor information in registry
    PID:2060

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Windows\debug\iuyhost.exe
    Filesize: 198KB
    MD5: 613ab16318d913070992f837dd764ba5
    SHA1: e7c209c3042948f57b7c1952162c06d0eb75ce52
    SHA256: 9cc8cd5a03b40ab60766e5de3c98dcf5024ef43fba3c90f86c2794e3021fdb59
    SHA512: 2997e443ab14c67b361ae2cba07e8e01921a935b1217749367e3d635781a2da46049533f8c5cf2a68feba08e174a43271790ca824e4cb08627178945c0e79d04