Overview

overview

10

Static

static

1

winprofile

windows7-x64

10

winprofile

windows10-1703-x64

10

Analysis

  • max time kernel
    10s
  • max time network
    3s
  • platform
    windows7_x64
  • resource
    win7-20231025-en
  • resource tags

    arch:x64arch:x86image:win7-20231025-enlocale:en-usos:windows7-x64system
  • submitted
    07/11/2023, 04:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f.exe

  • Size

    4.1MB

  • MD5

    c54d48bef80af7a2ae9e282ce9256cc9

  • SHA1

    6383bba7da67c097eede9eb386de29551ffd7380

  • SHA256

    0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f

  • SHA512

    2694e6813a4ac9fc1d82a72e241c6f8a9cbdd92ada3f432818486ceccf3dfcc24db109efe57694bced4288772d3f84b439694045a88fd695c66bfe060bf81857

  • SSDEEP

    98304:Bx/AYBx/ZMY0OFU2lOHVou7/aJCUX5WcpowjnNOZFfZcqH:BxFbZMjUU2IHKS8CUqkwFBcK

Score
10/10
gluptebadropperloader

Malware Config

Signatures

  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f.exe
    "C:\Users\Admin\AppData\Local\Temp\0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2704
    • C:\Users\Admin\AppData\Local\Temp\0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f.exe
      "C:\Users\Admin\AppData\Local\Temp\0f8db65f780633c6117ed2b4786cb17f2ed9f429e2937abd3b4e141bf791ee9f.exe"
      2⤵
        PID:2920
    • C:\Windows\system32\makecab.exe
      "C:\Windows\system32\makecab.exe" C:\Windows\Logs\CBS\CbsPersist_20231107044733.log C:\Windows\Logs\CBS\CbsPersist_20231107044733.cab
      1⤵
        PID:2532

      Network

      MITRE ATT&CK Matrix

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • memory/2704-0-0x00000000028A0000-0x0000000002C98000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2704-1-0x00000000028A0000-0x0000000002C98000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2704-2-0x0000000002CA0000-0x000000000358B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/2704-3-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/2704-4-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download

      • memory/2704-5-0x0000000002CA0000-0x000000000358B000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/2704-6-0x00000000028A0000-0x0000000002C98000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2920-7-0x00000000027F0000-0x0000000002BE8000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2920-8-0x00000000027F0000-0x0000000002BE8000-memory.dmp

        Filesize

        4.0MB

        Download

      • memory/2920-9-0x0000000002BF0000-0x00000000034DB000-memory.dmp

        Filesize

        8.9MB

        Download

      • memory/2920-10-0x0000000000400000-0x0000000000D1B000-memory.dmp

        Filesize

        9.1MB

        Download