Overview

overview

10

Static

static

10

Bootkits/5...1a.exe

windows7-x64

1

Bootkits/5...1a.exe

windows10-2004-x64

6

Bootkits/6...86.exe

windows7-x64

7

Bootkits/6...86.exe

windows10-2004-x64

7

Bootkits/8...f6.msi

windows7-x64

7

Bootkits/8...f6.msi

windows10-2004-x64

7

Bootkits/f...b1.exe

windows7-x64

7

Bootkits/f...b1.exe

windows10-2004-x64

Rootkits/0...c7.exe

windows7-x64

8

Rootkits/0...c7.exe

windows10-2004-x64

8

Rootkits/0...6d.exe

windows7-x64

10

Rootkits/0...6d.exe

windows10-2004-x64

1

Rootkits/0...ae.exe

windows7-x64

1

Rootkits/0...ae.exe

windows10-2004-x64

1

Rootkits/0...3e.exe

windows7-x64

7

Rootkits/0...3e.exe

windows10-2004-x64

10

Rootkits/0...10.exe

windows7-x64

7

Rootkits/0...10.exe

windows10-2004-x64

7

Rootkits/2...8e.dll

windows7-x64

1

Rootkits/2...8e.dll

windows10-2004-x64

1

Rootkits/2...a4.exe

windows7-x64

10

Rootkits/2...a4.exe

windows10-2004-x64

Rootkits/4...1b.exe

windows7-x64

7

Rootkits/4...1b.exe

windows10-2004-x64

7

Rootkits/6...d9.exe

windows7-x64

1

Rootkits/6...d9.exe

windows10-2004-x64

1

Rootkits/7...e8.exe

windows7-x64

7

Rootkits/7...e8.exe

windows10-2004-x64

7

Rootkits/8...22.exe

windows7-x64

1

Rootkits/8...22.exe

windows10-2004-x64

1

Rootkits/9...99.exe

windows7-x64

8

Rootkits/9...99.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    107s
  • max time network
    40s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    08-11-2023 03:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Rootkits/096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe

  • Size

    13.5MB

  • MD5

    c3ecf2b0e8af05f35afa7608b59b03f6

  • SHA1

    fa881159493fb62295847d7ec5e9d9cb616c3ea9

  • SHA256

    096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e

  • SHA512

    8a1fc698e07edffb003376cf12d9e003778147ba0cf4d2f0ec58f35b84ff7b29e43dc0cb40176991ff5a5f6a549fb2b37a7a6db2c895645807c977133785424f

  • SSDEEP

    393216:45PcbXCpS9c5hlERblh2psAdZYyz/mrWvFMU:gcgeEhk5QpsAdZawK

Score
7/10

Malware Config

Signatures

  • Loads dropped DLL 7 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Rootkits\096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe
    "C:\Users\Admin\AppData\Local\Temp\Rootkits\096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2600
    • C:\Users\Admin\AppData\Local\Temp\Rootkits\096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe
      "C:\Users\Admin\AppData\Local\Temp\Rootkits\096322b16a7395e5534e9db6752aab1bd54275515f33f993d066ec7b46ed5b3e.exe"
      2⤵
      • Loads dropped DLL
      PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    a506cc854a7c8e845c02309af6e8bb89

    SHA1

    e0ab3c65fe35ce7f1ef66fe4ec422c162cfe2ae7

    SHA256

    d97043a29a2d90ff58c85ba862d9e18dde15f09cdf8c51d71066e6f9c637a709

    SHA512

    b9e687cea76d725512087eefcdb4283131e835e0e616652d0aa85acec64fc3863792b95826b1b2c099ff8a984074265c0e7baeb831a53e5a51c54de1ddd8156e

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    a3e5443ee262fb79604c64c22902a069

    SHA1

    2651a2fbf2db5c4baa2a6fd850945a58bc50fdfa

    SHA256

    caef9078861948570147dbdbfcda0786cc080bce39207ba614380745f24e357e

    SHA512

    f80e25c58cf315d44f242b9accbff605c42545425e02a81f57ba2fa73bb41ced4fd08336ce7df93df1b96beb4f18071808fb3a563f962b1b57a6792c9db88b0a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    14KB

    MD5

    c3f156e9da925fdc82d94ef45668c9db

    SHA1

    9e359da6638141c75999ebd9cb785f821eabdf87

    SHA256

    58001341d3ebe4486619a95a7f3513459a4b4a9edb652204e8bf1c3bbc3a9fdf

    SHA512

    6170e2990b715924b2bdbd7715ebd0b61451e23e533e38b63314f25b2fd2bf27da1b7344f86d35a1ae16cb821a504e78ac1e6b91a8a58b584a7c1a3b9079dcff

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    cd09d041f8776aa6d99eb816e659a782

    SHA1

    1be998dc0187707884c6aba155aa5e84eacbe64f

    SHA256

    0b63b7c742e46dcf9213fd3179d6f6761d912a97b63fbc25a60e0384fdef6d33

    SHA512

    ac3f572d70b41025890839bd16d774d59c9b34c9328fd991720807dfed2dbe2fd3ecfcd8d143a37d56fd212fe056e2684220d9ff1633270b5bcea6bf8302912a

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    2829f5e483811306b6cfcb3608f9940e

    SHA1

    34532c2c295928a179b9c41b37d57bee512e0966

    SHA256

    ec22fc858107ecf25c31ed139c71b70ed6e4dc4add0d36b28eb530c37bb5d268

    SHA512

    500e2dc961746284c7a60d1eca6a42b874be00f439d872559d5d8cbc42fa81864e11803c6098d1f6ffff913156b8018a00898458de312e0c0b624ac047356a79

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\python39.dll
    Filesize

    4.3MB

    MD5

    11c051f93c922d6b6b4829772f27a5be

    SHA1

    42fbdf3403a4bc3d46d348ca37a9f835e073d440

    SHA256

    0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

    SHA512

    1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

    Download Submit
  • C:\Users\Admin\AppData\Local\Temp\_MEI26002\ucrtbase.dll
    Filesize

    1011KB

    MD5

    42573631d628bcbb003aff58813af95e

    SHA1

    9644917ed8d1b2a4dae73a68de89bec7de0321ce

    SHA256

    e188604616dccd066abd675883c8c86a4d2bd6a987c57667de6a644652b63443

    SHA512

    d5311a560109feca3f22f5df96f203c644926c27f456902c9d7f062da68bcc0dd5735f6872e765cdfa5119374eb5aa40883809a4608b7a3c21e798a38a3fa680

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l1-2-0.dll
    Filesize

    11KB

    MD5

    a506cc854a7c8e845c02309af6e8bb89

    SHA1

    e0ab3c65fe35ce7f1ef66fe4ec422c162cfe2ae7

    SHA256

    d97043a29a2d90ff58c85ba862d9e18dde15f09cdf8c51d71066e6f9c637a709

    SHA512

    b9e687cea76d725512087eefcdb4283131e835e0e616652d0aa85acec64fc3863792b95826b1b2c099ff8a984074265c0e7baeb831a53e5a51c54de1ddd8156e

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-file-l2-1-0.dll
    Filesize

    11KB

    MD5

    a3e5443ee262fb79604c64c22902a069

    SHA1

    2651a2fbf2db5c4baa2a6fd850945a58bc50fdfa

    SHA256

    caef9078861948570147dbdbfcda0786cc080bce39207ba614380745f24e357e

    SHA512

    f80e25c58cf315d44f242b9accbff605c42545425e02a81f57ba2fa73bb41ced4fd08336ce7df93df1b96beb4f18071808fb3a563f962b1b57a6792c9db88b0a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-localization-l1-2-0.dll
    Filesize

    14KB

    MD5

    c3f156e9da925fdc82d94ef45668c9db

    SHA1

    9e359da6638141c75999ebd9cb785f821eabdf87

    SHA256

    58001341d3ebe4486619a95a7f3513459a4b4a9edb652204e8bf1c3bbc3a9fdf

    SHA512

    6170e2990b715924b2bdbd7715ebd0b61451e23e533e38b63314f25b2fd2bf27da1b7344f86d35a1ae16cb821a504e78ac1e6b91a8a58b584a7c1a3b9079dcff

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-processthreads-l1-1-1.dll
    Filesize

    11KB

    MD5

    cd09d041f8776aa6d99eb816e659a782

    SHA1

    1be998dc0187707884c6aba155aa5e84eacbe64f

    SHA256

    0b63b7c742e46dcf9213fd3179d6f6761d912a97b63fbc25a60e0384fdef6d33

    SHA512

    ac3f572d70b41025890839bd16d774d59c9b34c9328fd991720807dfed2dbe2fd3ecfcd8d143a37d56fd212fe056e2684220d9ff1633270b5bcea6bf8302912a

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\api-ms-win-core-timezone-l1-1-0.dll
    Filesize

    11KB

    MD5

    2829f5e483811306b6cfcb3608f9940e

    SHA1

    34532c2c295928a179b9c41b37d57bee512e0966

    SHA256

    ec22fc858107ecf25c31ed139c71b70ed6e4dc4add0d36b28eb530c37bb5d268

    SHA512

    500e2dc961746284c7a60d1eca6a42b874be00f439d872559d5d8cbc42fa81864e11803c6098d1f6ffff913156b8018a00898458de312e0c0b624ac047356a79

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\python39.dll
    Filesize

    4.3MB

    MD5

    11c051f93c922d6b6b4829772f27a5be

    SHA1

    42fbdf3403a4bc3d46d348ca37a9f835e073d440

    SHA256

    0eabf135bb9492e561bbbc5602a933623c9e461aceaf6eb1ceced635e363cd5c

    SHA512

    1cdec23486cffcb91098a8b2c3f1262d6703946acf52aa2fe701964fb228d1411d9b6683bd54527860e10affc0e3d3de92a6ecf2c6c8465e9c8b9a7304e2a4a6

    Download Submit
  • \Users\Admin\AppData\Local\Temp\_MEI26002\ucrtbase.dll
    Filesize

    1011KB

    MD5

    42573631d628bcbb003aff58813af95e

    SHA1

    9644917ed8d1b2a4dae73a68de89bec7de0321ce

    SHA256

    e188604616dccd066abd675883c8c86a4d2bd6a987c57667de6a644652b63443

    SHA512

    d5311a560109feca3f22f5df96f203c644926c27f456902c9d7f062da68bcc0dd5735f6872e765cdfa5119374eb5aa40883809a4608b7a3c21e798a38a3fa680

    Download Submit